Technology changes leave IT security playing catch up

The arrival of new waves of technology over the next five years will render existing information security measures obsolete and increase security risks in both new and legacy environments, industry experts have warned.

According to Gartner, information security will remain a major executive concern for the "foreseeable future".

Victor Wheatman, managing VP security at Gartner explained: "Whenever new technology is introduced or business fundamentals change, management's focus in terms of funding and resource allocation shifts from the old to the new, creating a security gap.

"In this way, each new wave of technology obliterates the security architecture appropriate to its predecessor, opening the enterprise up to an ever increasing raft of security risks."

Wheatman explained how, in recent years, fast-moving technology developments have left the security environment playing catch up. "In the same way that PCs broke the host-centric security model, networked PCs eroded the gains that had been won in securing individual desktops. Then we saw how distributed applications running across LANs reset security maturity to zero, while the inclusion of external networks as a part of the topology reset client/server security."

Garnter warned that, recently, wireless networking devices have tended to ship with security defaults off and are often installed outside the view of corporate IT organisation.

A growing threat from evolving web services that can allow data to bypass firewalls and introduce yet another set of security issues was also identified.

In addition to the constant cycles of technology change that has kept IT security managers working overtime in recent years, the analyst firm pointed to the cyber threats that will ensure information security threats remain constant over the next few years.

Wheatman said organisations need to evaluate the changing threat landscape in the context of their specific defensive requirements.

"Perfect security is impossible, but continual scanning for new vulnerabilities and monitoring for new threats are critical and a much better investment than to passively sit back and wait to detect attacks. In security, the best defence is a good offence, and the more offensive you can be, the more secure you will be," Wheatman added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.