WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Top technology trends

Kuppinger Cole's Martin Kuppinger overviews the trends that business continuity managers need to be aware of.

As in the past years, KuppingerCole has worked out the top trends in IT in general, cloud computing, GRC (governance, risk management and compliance), IAM (identity and access management) and mobile computing. The most important trends are an increasing level of business-IT-alignment and the evolution towards hybrid IT environments based on a well-managed mix of internal as well as external IT services.

IT in general
Cloud Computing will be the number one topic for organizations and IT departments through 2011

• In order to make the best use of cloud computing, organizations will begin to see radical change through separation of consumption and management of IT services and their production;
• Cloud security will remain the greatest obstacle to quick adoption of cloud services.

Information Security will take second place on the CIO agenda

• Driven by tightened privacy laws and new threats like WikiLeaks, the focus in IT departments will shift from securing technology to securing information. Demand will increase for stronger controls and advanced strategic solutions to prevent data leakage (unlike today’s relatively weak point solutions for DLP);
• Information classification will return to the agenda as a good way to protect information.

Service management will be driven by business, not technology

• Cloud computing will bring the needs of business to the forefront; service management will need to reflect this paradigm shift by providing a business view, moving well beyond today’s infrastructure concerns (ITIL) and its focus on technology;
• The demand for IT departments to provide solid planning and accounting of IT services will grow as external clouds create greater transparency and organizations take their first hesitating steps towards ERP for IT.

Everyone wants their own device

• Users increasingly demand to use their own devices; organizations will be forced to adapt to a new world of intelligent personal and portable devices;
• BYOD (Bring Your Own Device) will create new and dangerous threat scenarios, raising the bar for information security concepts for devices which aren’t (fully) under IT’s control;
• The number of different devices used in business will continue to grow, forcing IT departments to adopt management solutions for increasingly heterogeneous environments;
• Information security will increasingly become a critical success factor for business;
• Rating systems in the finance industry will begin to focus on information risk management;
• Overall awareness of the risks involved in information security will raise the pressure in other industries as well.

Cloud computing
As Cloud Computing becomes the standard, it will need standards itself

• Standardization will come to cloud computing, albeit slowly; standards will emerge in all areas, including governance, security, and service management;
• Support for standards will be the key to success and a prerequisite to the successful industrialization of IT.
Cloud computing will be better understood
• Companies are beginning to understand which approach to cloud computing (internal/external; public/private;…) is best for them;
• Service management is starting to be seen as a key enabling technology for successful cloud computing.

Virtualization will benefit from cloud adoption

• Server virtualization is the first step towards successful cloud deployments;
• Storage, desktop, and application virtualization will benefit as well, with desktop and application virtualization becoming the foundation for new business models based on virtual desktops that lead well beyond BOYD and industry clouds;
• Virtualization will lead to identity and data sprawl; IAM will provide the key to successful virtualization.

Cloud security is key to cloud strategy

• IAM is increasingly being understood to be a crucial element in any cloud deployment;
• Security services such as IAM and SIEM will become externalized from cloud offerings; leading on the one hand to greater efficiency, but also creating new risks through security outsourcing.

Community and industry cloud offerings will gather speed

• Cloud providers will focus on integrated business solutions for SMBs as opposed to basic technical services;
• The ‘sweet spot’ for quick and successful entry into a true cloud provider market will grow.

Encryption will gain momentum to address cloud security challenges

• Encrypted storage will become an approach to store information in the cloud; however that not necessarily addresses all issues with regulatory compliance and doesn’t address the issues of ‘data in use’;
• Identity-based encryption will gain momentum, using defined attributes of an identity as one of the keys.

Business and IT will continue to progress towards ‘one GRC for all’

• Strategic focus will shift away from pure-play ‘business GRC’ solutions that do not provide sufficient integration and lack automated IT controls;
• Vendors will increasingly offer standardized solutions involving a mix of manual and automated controls and supporting high-level dashboards and increasingly granular control.

Regulatory pressure will grow in hitherto unregulated or loosely regulated industries

• Information security will increasingly be seen as a must not only in areas such as finance and utilities, but in every industry;
• WikiLeaks-type attacks are likely to occur in all sectors of business.

Access governance market will gradually cease to be perceived as a separate market segment

• Access governance will become more tightly integrated with other GRC approaches, both up the stack towards enterprise GRC and horizontally by providing GRC features for SIEM, process control, and others as well;
• Access governance will become an integral part of IAM, which will increasingly move up the stack and integrate with technical provisioning and business-centric access management.

Identity and access management
PxM (privileged access, account, identity, user management) will become the big key topic during 2011

• As awareness for the crucial role of IAM in cloud computing increases, focus will shift to PxM in the cloud;
• PxM solutions will focus not only for root and Windows administrators, but on all levels from network devices to databases and business applications

Separating security functions from the actual applications and externalizing it as a service will increasingly lead to more secure application development

• XACML will continue to develop as an important technical standard, but will remain shielded from users by higher-level interfaces;
• Application infrastructure providers will begin to provide externalization by design.

Companies will need to redefine their basic IAM infrastructure to make it future-proof

• IAM deployments will be more closely linked to GRC, focusing on business-centric access governance and enterprise policy management instead of on mere technical provisioning;
• Acceptance for more flexible architectures will grow, leading to support for multiple provisioning tools controlled by access governance and service management tools;
• Enhancing IAM to support the cloud requirements will be a key focus for vendors.

Versatile authentication will become widespread

• Organizations will increasingly adopt a variety of authentication technologies for internal and external users based on some form of ‘middleware’;
• Approaches like step-up and risk-/context-based authentication to request the appropriate level of authentication will gain popularity.

The integration of IAM and DLP based on context-sensitive access management will increase protection against data leakage

• Information security will increasingly be seen in the context of identities;
• Access control will be increasingly based on content.

Adoption of user-centric IAM is still in its early stage

• Public awareness and support for approaches such as information cards and OpenID remains lacking and the discontinuation of Microsoft CardSpace will slow down evolution;
• Minimal disclosure technologies will be a driving force for adoption.

Mobile computing
Mobile computing is increasingly at the center of attention when it comes to security. More attacks, malicious apps, and the weak security of most devices are increasingly better understood as a severe security risk

• We only expect slow evolution of built-in security technology in mobile devices, despite the (business) customer’s need;
• On the other hand there will be an increasing number of security apps which, however, are likely to fail due to the architecture and delivery models of apps; real security has to happen at the kernel level of devices, supported by the vendor;
• Besides Blackberry systems, which are somewhat closed and frequently delivered with in-house solutions, all other platforms will become target of attackers, with Android most likely being the main target.

Martin Kuppinger

Author: Martin Kuppinger is founder and principal analyst of Kuppinger Cole, one of the leading Europe-based analyst companies. Kuppinger Cole is the host of the European Identity Conference 2011. For the second time CLOUD 2011 will be co-located with EIC 2011. Martin Kuppinger is the author of more than 50 IT-related books, as well as a widely-read columnist and author of technical articles and reviews. For more information, please visit www.kuppingercole.com

Copyright for this article is retained by © KuppingerCole 2004-2011. Reproduction is forbidden unless authorized.

•Date: 5th April 2011 • Region: World •Type: Article •Topic: IT continuity

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.
   

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here