As companies prepare for the new year, many are adjusting their operations to embrace new IT trends that improve business efficiency, help them cut costs and, in some cases, accomplish both. As a result, they are moving away from the traditional one-server, one-workstation model of old. However, with these new technology strategies come a number of security challenges that must be addressed as well.
Among the more notable IT trends that will emerge in 2012 are cloud computing, virtualization and mobile technology. Each has the potential to benefit companies significantly. At the same time, each introduces a new set of data security issues that require companies to adjust to a more data-centric model of protection and privacy.
The cloud is one technology that has been on the fringe of mainstream adoption for some time. In Gartner's 2011 Hype Cycle report, the research firm noted that cloud computing has moved past the "Peak of Inflated Expectations" and is finally transitioning into a phase in which companies have a more realistic understanding of the technology.
What this essentially means is that businesses understand the aspects – both the positive and the negative – of the cloud more clearly. Of the positive characteristics, businesses realize that cost savings, improved efficiency and unfettered access to data and applications, while attainable, are not guaranteed in the cloud. Rather, these goals take some work and careful planning to achieve.
Data security has received much of the attention when it comes to the negative aspects of the cloud. However, this too has been over-hyped, with critics panning the notion that corporate data stored in the cloud is inherently insecure since it's hosted on shared, third-party servers. As expectations of the cloud come closer to reality, though, more businesses are realizing that while precautions must be taken, cloud services can provide the same level – if not greater – security than many on-premise IT solutions.
Most cloud providers are able to dedicate more resources to IT security than their customers. For example, a small retailer may not have the budget to equip its computers and servers with the most robust data protection solutions, or its personnel may lack knowledge of the best security practices. A cloud vendor, in contrast, bases much of its reputation on its ability to provide services that are effective and secure, and thus, must have the proper solutions and expertise to safeguard its systems.
The cloud will continue to evolve in 2012, and with that, early signs of best practices are likely to emerge as well. Moves toward standardizing certain practices in the cloud are already underway, so it may only be a matter of time before these concepts truly make an impact.
Like cloud computing, virtualization has been around for several years, but has only recently established itself as a staple in the workplace. In a recent opinion piece, Computerworld editor in chief Scot Finnie predicted that 2012 would be the year virtualization finally takes hold.
The reason, Finnie asserted, is that companies are now replacing much of their old equipment and finding that virtualization offers a more affordable and efficient option than most physical hardware. Desktop virtualization has been picking up steam in recent years, and in 2012 server virtualization is likely to join the party.
However, virtualization also requires some significant operational changes, not the least of which includes new approaches to security. Implementing virtualization into the data center also means introducing shared storage. This can help a company reduce its storage spending, but it also necessitates new security measures, such as data encryption and password protection, to ensure systems are only accessed by authorized personnel.
Companies that utilize virtualization effectively can actually leverage the technology for tighter security. This will require cooperation between several teams, including network, applications, storage and security. It will also necessitate a company establishes a virtualization management policy that details who has access to what systems and what combination of tools are needed to protect data.
Consumerization has been one of the biggest developments in the IT department in recent years. Smartphones and tablets especially have changed the way companies operate, giving more power to the mobile employee but also presenting myriad security challenges along the way.
Enterprise mobile technology was once dominated by Research In Motion and its BlackBerry handsets. More recently, companies have introduced bring-your-own-device (BYOD) policies, which have given rise to smartphones and tablets from Apple, Google and others in the workplace.
These devices, while their computing capabilities are impressive, have become targets for cybercriminals and hackers. As Trend Micro's Third Quarter Threat Roundup pointed out, threats against mobile devices have become more sophisticated, with new malware emerging seemingly every other day. Google's Android receives much of the attention when it comes to mobile security, but devices based on Apple's iOS and Microsoft's Windows Phone 7 are vulnerable as well.
Given the amount of information stored and accessed on these devices, it is important companies introduce policies that govern what employee-owned smartphones and tablets can access. When possible, companies may also be wise to equip these devices with remote lock and data wipe capabilities as well as mobile-specific antivirus software.
In his article titled "Getting a running start on 2012 in IT," Computerworld's Finnie described 2011 as a "transitional year" for enterprise IT, noting that technological trends like the cloud, virtualization, mobile technology and others were more conceptual than solidified.
"A lot of big things were on the horizon (data center as a service, for instance), but few of the profound concepts jelled," Finnie wrote. "The consumerization of IT arrived in full measure, and cloud computing stopped being science fiction. Will the changes that take place in 2012 be more concrete?"
Moving into 2012 and beyond, these concepts are likely to become staples, benefiting businesses in countless ways.
With this in mind, it is important that company executives, IT administrators and employees at nearly every level recognize the importance of security as their companies embrace these new technologies and prepare for a new era of corporate IT.
Security News from SimplySecurity.com by Trend Micro