Staying on top of your game as your customers' trusted security expert means staying on top of trends in the ever-evolving information security and threat landscape. 2014 was a year marked by disastrous data breach after disastrous data breach. How are governments and organizations responding in 2015, and what should a security expert know? Here are five things to keep in mind.
1. The regulatory burden on enterprises will increase.
Regulatory requirements around the storage, protection, and sharing of consumer Personally Identifiable Information (PII) have complicated enterprises network and data security strategies for some years now, and the burden of compliance looks likely to grow heavier in 2015 as governments tighten up restrictions and clarify data breach response policies. Keep up to date on the regulations relevant to your consumer base so that you can help them remain in compliance.
2. Attacks via third-party service providers will proliferate.
As the 2013 Target breach showed, cybercriminals are now savvy enough to attack their targets through vulnerabilities in the systems of third parties who have been granted access to target resources. This can prove a useful strategy for a hacker attempting to gain access to systems that have been, for the most part, properly secured. Be aware of which third party service providers your customers use, and what access permissions those third parties have to your customers' systems, so that you can make appropriate recommendations for protection.
3. Insider incidents will become an even greater problem than they are already.
Of course, not every data breach begins with an outside attack. In fact, malicious insiders can do even more harm, as a recent PricewaterhouseCoopers report pointed out. Malicious insiders are perfectly placed to abuse their access permissions for nefarious purposes, exfiltrating sensitive information to sell or to cause damage to the company for which they work. And even well-meaning but careless employees can become a problem if they handle data in unsafe or inappropriate ways, such as with unsanctioned shadow IT applications. Prepare to advise your customers on how they can tighten up access permissions, implement DLP and user activity monitoring solutions, and educate their workforce to prevent insider incidents.
4. Endpoint security will experience a revival.
Particularly in BYOD environments, endpoint security has become more important than ever before. The mobilization of today's workforces, the proliferation of consumer mobile computing devices, and the rise of the cloud has transformed the way information workers operate, often allowing them to access corporate data from any network and any device. Of course, all those devices mean many more points of access for a hacker to exploit. Get up to date on the latest endpoint security technologies, which have evolved far beyond traditional antivirus, to help your customers keep their employees' gear safe.
5. Managed security services will grow in popularity.
Does all of the above sound like a lot to take in? For many enterprises, it is, and the investments required to keep corporate systems and data safe may be too much for organizations to handle. For that reason, managed security services are becoming increasingly popular. A managed security service—such as one that a security-minded VAR might offer—can provide the kind of around-the-clock monitoring and rapid response that an overtaxed internal IT team cannot. Consider offering security services to bring in new customers and build long-term relationships.
The security space is one of the most critical and quickly evolving areas of technology today. Resellers who establish themselves as security experts stand to profit greatly from today's risk-aware environment.
What are other concerns that a security expert should know? Share in the comments here.