Although it’s been 23 years since the first worm – the Morris worm – appeared on November 2, 1988, a lot more has happened in the malware arena in the last two years then the first 21 years. This escalating change in the threat landscape is something that drives the need for comprehensive security ever-forward.
And it’s for this reason that I’ve come up with my top 5 security tips for 2012, which I sincerely hope will assist IT security professionals in planning their defence strategies for the year ahead, which promises to be a challenging one for all concerned.
Tip #1 – Firewall operations
Next generation firewalls will continue their strong adoption by mid- to large-size organisations. As a result of this trend, I see the operations management challenges of multi-vendor firewall environments as calling for increasing levels of automation of daily change management tasks.
Tip #2 – Firewall compliance and auditing
A key requirement in the increasingly regulated IT security space we now live in. Continuous compliance will become essential for many more organisations that are striving to keep an always-compliant security status, without waiting for a third party auditor to carry out an annual check.
Tip #3 – CIO’s needing to show 360-degree and holistic reports
Regulatory compliance requirements – particularly in the PCI DSS space – and the consequent legal implications, will drive more companies to automate their network security audits and rely less on periodical audits.
Tip #4 – Firewall compliance and auditing domain
I predict that even those organisations who are not bound to the need for direct regulatory compliance standard will still adopt standards like PCI DSS as a methodology to create a robust network security framework.
Tip #5 – Security change automation
I predict that organisations will embrace even more workflow and ticketing solutions designed to provide a comprehensive pro-active risk plus compliance analysis process. Taking this path will, I believe, allow hard-pressed IT security staff an easy way to achieve a robust continuous compliance process.