Predictions For The Security Market For 2006
by Fran Howarth, Partner
Long seen as a maintenance issue, security issues have exploded in recent years and now command top dollar in terms of technology purchasing decisions. 2006 will see an even greater focus on security issues, with companies looking to achieve a real return on their security technology investments?rather than merely justifying security investments as a necessary evil. Increasingly companies are placing security at the heart of their corporate infrastructures, as well as creating the necessary links between previously autonomous IT and security operations within enterprises. Here’s where I think we’re heading.
Continued Convergence In The Identity Management Space
Identity Management, one of the most important areas of security investment for enterprises and other organisations is also a current focus for many. 2005 saw several of the smaller, specialised technology vendors operating in this area get acquired by the larger suite vendors and this year will likely see the remaining minnows plucked out of the water.
Because embedding identity management capabilities throughout organisations is a long and arduous task, I’m expecting technology vendors to revise their pricing strategies in 2006, offering more attractive options, especially where customers commit to multiple components of their product suites.
Federated Identity Management Will Reach Maturity
A substantial proportion of large enterprises have some kind of federated identity management plans in place, or have already started to deploy this technology. Most are reporting that the technology issues are not the main burden and most such issues are close to being resolved. As well as this, standards issues are largely being resolved, with SAML 2.0 from OASIS containing support for such things as Liberty Alliance specs and Shibboleth.
Some of the main problems that remain to be resolved are:
- The business practice and process changes that such a technology service requires
- The legal issues that are involved in connecting with business partners, suppliers and customers.
But, best practice examples are emerging, either specific to particular industry verticals, or horizontal in nature. For example; providing easier access to staff benefits for employees – a key driver for companies trialling how federated identity management investments will benefit their operations.
The evolution of federated identity management technology will provide further impetus for the development of networks based on service-oriented architectures (SOA), with identity and authoprization provided as a service across the entire architecture.
Strong Authentication To Gain In Importance
Going hand-in-hand with identity management implementations, heightened awareness of security vulnerabilities is leading more companies to mandate stronger authentication be used, especially for accessing highly sensitive data and applications. Federated provisioning will provide further impetus in this space, along with edicts, such as that from the US federal government that strong authentication be used for access controls.
As regards authentication technology, which is currently two-factor authentication, based primarily on tokens and smart cards, biometrics will increasingly be used, with more advanced, affordable solutions coming onto the market in 2006.
Continued Convergence Between IT and Physical Security
Increasingly, users will be provisioned with both computer network access and physical assets, including computerised access passes, that will tie together IT and physical access controls. As well as this, traditional assets and devices are converging with IP-enabled devices and networks across a wide range of industries. This can be seen in areas as diverse as CCTV and other surveillance technology, environmental controls, tracking devices and all types of communications mechanisms.
Regulatory and standards compliance continues to be a market driver. The growing number of security products on the market that enable companies to automate their efforts to comply with regulations will simplify the compliance process for many. Increasingly, products cross reference a host of regulations to reduce the administrative burden of compliance, and provide regulation-specific templates and remediation advice.
Regulatory and standards compliance will continue to be a key driver of security technology purchasing decisions. Currently, most technology vendors are focusing on US-specific regulations, but 2006 will see expanded support for international regulations.