Information Security Wish List for 2016

2870445260_82be0db1db_zAs 2015 draws to a close, it has become clear that Information Security (InfoSec) is a market with technology and vendors that I need to cover.  Over the past 24 months,  just about every single Global 2000 “C” level executive that I have met with and talked to about Information Governance, eDiscovery, Information Technology Operational Analytics (ITOA), IT Automation and Big Data Analytics, have asked about what to do about Information Security. Its an obvious component of Information Governance.  Given the sensitive nature of eDiscovery data, InfoSec is a big concern for all the parties involved.  In addition, some of the more forward thinking IT execs want to know how to include InfoSec in their ITOA and IT Automation plans and it is also an obvious component and concern for enterprises trying to manage Big Data and implement Big Data Analytics.

The worldwide InfoSec market continues to trend upward as defined by market sizing estimates that range from $75 billion in 2015 to $170 billion by 2020.

The data comes from consolidated estimates by IT industry research and analyst firms, including these figures:

  • A report by Visiongain, a business intelligence firm in London, indicates that the global cyber security market is set to be worth $75.4 billion in 2015, as high-demand continues for information security solutions.
  • Research firm Gartner projects that the world will spend $101 billion on information security in 2018.
  • The cyber security market is estimated to grow to $170 billion (USD) by 2020, at a Compound Annual Growth Rate (CAGR) of 9.8% from 2015 to 2020, according to a report from Markets and Markets. The aerospace, defense, and intelligence vertical continues to be the largest contributor to cybersecurity solutions.
  • North America and Europe are the leading cybersecurity revenue contributors, according to a report from TechSci Research in Burnaby, Canada. Asia-Pacific is rapidly emerging as a potential market for cyber security solution providers, driven by emerging economies such as China, India and South-East Asian countries, wherein, rising cyber espionage by foreign countries is inducing the need for safeguarding cyber space.
  • Million dollar plus cybersecurity deals (vendors selling to end-users) are on the rise. In a recent research note, analysts at FBR & Co., an investment banking and M&A advisory firm, indicate that the number of seven-figure (cybersecurity) deals have increased by 40% year-over-year.
  • According to IDC, the hot areas for growth are security analytics (SIEM) (10%); threat intelligence (10%+); mobile security (18%); and cloud security (50%).

Given all of this, I plan to spend more time on the InfoSec market in 2016 and beyond. I believe that some of the real breakthroughs and paradigm shifts in InfoSec will occur from the implementation of ITOA and IT Automation platforms.  InfoSec has gotten so complex that it is going to take machine learning, predictive analytics and IT Automation to be able to truly manage the almost overwhelming requirements of InfoSec.

As a great place to start this investigative journey, I wanted to pass along to my readers an excellent article by  , published on December 21, 2015 on the CSO Online Site, titled, “Infosec’s wish list for 2016.”   In his article, Mr. Francis states, “Information Security is one of the fastest-growing and most dynamic fields in technology, due to the increasing sophistication of attacks and the interesting new challenges facing InfoSec professionals. As we approach 2016, several security experts provided their InfoSec Wish List for the new year. Some experts wish for the cyber equivalent of world peace, while others are just hoping for their digital Red Ryder air rifle.”

The full text of Mr. Francis’s article is as follows:

Real accountability

Dr. Chase Cunningham, Director of Cyber Threat Research and Innovation, Armor:I wish that boards and higher leadership would actually hold companies and their leaders accountable for their negligent actions in not securing their infrastructure and ignoring the advice and experiences from years of data breaches. It’s time for pain and punishment to be real in the industry — no more huge breach announcements and then just waiting until things go away.

A true username/password replacement

Morey Haber, VP of Technology, BeyondTrust: While no viable solution exists yet to solve this problem, biometric authentication is being positioned as the Holy Grail to bury this legacy approach to authorization and authentication. This approach could have massive security ramifications if the biometric data itself is ever compromised like the OPM breach. A method to validate a person and their permissions without the risk of biometric data loss would solve many of the data breach problems we have been experiencing.

Encrypt everything of value

Joey Peloquin, Sr. Manager, Threat and Vulnerability Management, Citrix: The next best thing to preventing attackers from compromising the environment is removing access to the goal or objective of their mission: usually an organization’s data. Organizations can jump off the hamster wheel of APT and targeted attack whack-a-mole by first determining what they prize most (again, usually data), and then encrypting it, while properly managing authorized access and usage of it. Without the threat of losing the crown jewels looming over security practitioners, they can focus on moving the security program’s proverbial ball forward.

Less easy targets

Steve McGregory, Director of Application and Threat Intelligence, Ixia:We need to ensure that our security defenses are tough enough to withstand the script kiddies or hackers looking for the low hanging fruit. Give us a deep understanding of what is in our network and clear visibility so we can quickly identify an advanced or targeted attack that can compromise our network; i.e. protect our corporate assets.

A Patch for the PEBKAC Bug

Ryan Olson, Unit 42’s Director of Threat Intelligence, Palo Alto Networks: Despite years of warnings and training, users continue to click on e-mail links and attachments which result in their systems getting infected with malware and their credentials falling into the hands of attackers. A patch for this “Problem Exists Between Chair and Keyboard” problem would eliminate one of the primary vectors used to infiltrate our networks.

More efficient ticketing platforms

Tom Gorup, Security Operations Manager, Rook Security:A ticketing platform that makes life easier on my analysts as well as myself. Current ticketing systems just don’t have what it takes to ease the burden on security analysts, directors, or CSOs. The granular metrics and reporting are lacking in most platforms, especially if you’re looking to identify increased efficiency from process changes. Even more so, if you’re trying to build in automation to create that efficiency, like one-click blocks, easy research, and other areas of opportunity for automation.

Appropriate InfoSec budgets

Jeremiah Grossman, Founder, WhiteHat Security:InfoSec needs to more closely align its scarce resources with how IT invests in the business. For example, if 10% of IT’s budget goes to building networks, then InfoSec should spend 10% of its budget protecting the network. If IT spends 50% on software, InfoSec should spend 50% on software security.

About Charles Skamser
Charles Skamser is an internationally recognized technology sales, marketing and product management leader with over 25 years of experience in Information Governance, eDiscovery, Machine Learning, Computer Assisted Analytics, Cloud Computing, Big Data Analytics, IT Automation and ITOA. Charles is the founder and Senior Analyst for eDiscovery Solutions Group, a global provider of information management consulting, market intelligence and advisory services specializing in information governance, eDiscovery, Big Data analytics and cloud computing solutions. Previously, Charles served in various executive roles with disruptive technology start ups and well known industry technology providers. Charles is a prolific author and a regular speaker on the technology that the Global 2000 require to manage the accelerating increase in Electronically Stored Information (ESI). Charles holds a BA in Political Science and Economics from Macalester College.