Security: Hitting the Moving Target

CompTIA has fielded an annual security study for eight years. In the most recent study, 49 percent of firms rate security as a top priority, a significant jump from 35 percent of firms in 2008. Other CompTIA studies focusing on industry verticals or technology trends show that security concerns are a common thread through all markets. The IT industry has been talking about security for a long time, and the impacts are well known.

For all the focus, ‘though, security breaches are still common and serious. In just the first quarter of 2011, several stories related to security have made headlines. A German research team showed how to obtain all passwords stored on a stolen iPhone’s keychain in just six minutes. Google was forced to pull apps from its Android Marketplace and remotely delete them from users’ devices because they were actually malware applications disguised as regular apps. A report from the White House shows that cyber-attacks on federal agencies increased 40 percent in the past year. 

However, the most serious breach occurred when attackers recently stole information from RSA, the security division of EMC. RSA’s SecurID products provide two-step authentication by having users input their password along with a number from a physical device. This number changes every 60 seconds and is synchronized with a central security server. Two-step authentication has been viewed as a best practice for accessing sensitive information, but SecurID’s 40 million users across 25,000 corporations are now questioning the security of their data.

Solving the security problem is complicated for two reasons. First, hackers are increasing the methodology and complexity of their attacks as fast as or faster than administrators can build defense strategies. CompTIA’s security study showed that while organizations are still concerned about older forms of abuse, including email viruses and browser-based attacks, new attacks are growing in sophistication and exploring loopholes in new trends such as social media and cloud computing.

The second complicating factor is the mobile workforce and the demands it is placing on corporate IT. Workers in growing numbers are finding productivity gains in the devices they buy for themselves, then attempting to integrate these devices into the workplace. IT staff are caught between a rock and a hard place, trying to allow a wide range of devices for productivity but also trying to secure corporate data.

CompTIA’s annual study will explore the most recent security-related trends, but one thing is clear: thanks to the amounts of sensitive, personal, valuable data that are populating servers and networks, the market for high security is as strong as ever. Security vendors can promote advances in technology as they seek solutions that will fit in with the data policies and experience level of their customers. With IT budgets tight in many industry sectors, organizations will want to be sure to spend wisely on future innovations. An ROI calculation may not capture everything that would be lost as a result of poor security.