Gartner: Traditional IT Security Dead By End of Decade?

The analyst firm Gartner Inc. prides itself on its ability to identify emerging technology trends and talking up what’s next before it has even happened. The firm’s Hype Cycle maps the familiar path from promising new technology to ‘hot technology buzz word du jour,’ and (maybe) on to useful, less buzzy technology that’s actually being used. More important: the Gartner Magic Quadrant rates  technology companies (and their products) according to a set of criteria that includes how forward-looking (or “visionary”) the company is. Given the sway Gartner’s ratings have in companies’ willingness to invest in products, it’s a foregone conclusion that companies Gartner picks to ‘do well’ end up…umm…doing well.

Gartner Hype Cycle 2013
Gartner predicts wholesale changes to the IT Security market, as companies switch to “people centric” security. (Image courtesy of Gartner.)

Gartner has an interest in finding the next big thing in every market – but also of preserving as much of the status quo as possible. (All those quadrants generate some serious cash!!) So I was interested to read about Gartner’s latest prediction that the IT security industry will, in all likelihood, be dead by the end of this decade.

That prediction comes by way of this article over at Help Net Security, which quotes Tom Scholtz, vice president and Gartner fellow, saying that the IT security industry faces a “perfect storm” as three mega-trends converge: socialization, consumerization, virtualization and cloudification. (And ‘yes,’ he used the word ‘cloudification.’)

Joking aside: Scholtz  notes that enterprises are already being forced to adapt to the willy-nilly adoption of smart phones and tablet computers – a phenomenon dubbed “BYOD” in IT circles. The response from their employers has gradually shifted from “no” (blocking) to grudging acceptance to full throated acceptance. But mobile devices and their deep reliance on cloud based resources for data storage and application hosting fundamentally threaten the traditional enterprise IT paradigm, with critical data and IT assets located on a corporate network protected by a (hard) perimeter of security products and access controls.

Mobile devices are already an unwelcome presence on most corporate networks – loosely managed devices that, IT worries, might serve as the conduit for malware infections or data loss. So what’s going to happen as the relatively confined problem of mobile devices mushrooms to encompass all manner of IP-enabled “stuff”? Scholtz said that traditional “control centric” security will be the first victim, as organizations begin focusing on what he calls “people-centric security” that “focuses primarily on the behavior of internal staff.”

In other words, if today’s IT security team is focused on the goal of keeping “bad guys out,” sometimes at the cost of productivity, people-centric security seeks to “maximize human potential by increasing trust and independent decision-making” within the organization.

Scholtz and Gartner are careful to say that “people centric” strategies don’t mean that traditional IT security investments are thrown on the trash heap. Rather, IT needs to keep those controls in place, while also recognizing their limitations and trying to accommodate promising new technologies that will increase user productivity.

“In this interconnected and virtualized world, security policies tied to physical attributes and devices are becoming redundant and businesses must learn to accommodate new demands being made on IT while also maintaining more traditional security controls,” the article reads.

Computing paradigms are changing at a phenomenal rate. The research firm IDC expects that there will be more than 30 billion autonomous devices by 2020. But the shift away from PCs has caught some IT security giants flat footed. Firms like Symantec Corp. have struggled to adjust to a more diversified and de-perimterized corporate environment. That firm laid off 1,700 employees in June as part of a large-scale reorganization that also saw its executive ranks reshuffled.

Other large firms have sought to increase their investment in cloud-based security intelligence and diversified endpoint security. IBM has been up front in noting that its recent $1 billion purchase of the Israeli firm Trusteer would better position that firm in a post-PC world in which the “Internet of Things” is the dominant computing platform.

Trusteer’s endpoint security software was mainly geared to financial services institutions, who turned to Trusteer for help with online banking fraud and other threats. But the company’s experience in cloud based software development and distribution, big data analytics and anti-fraud will also advance IBM’s “Smarter Planet” solutions, giving it expertise in is making in cloud-delivered software and services, 

Comments are closed.