Online Crime, Compliance Issues, Worker Mobility, SOA, and Open Source Are Mega-Trends for IT Security, Says Burton Group

Market Wire, July, 2004

Burton Group forecasts the most influential IT enterprise security trends in a recently published report: "VantagePoint 2004-2005 Information Security and Identity Management Trends."

In the report, senior vice president and research director, Dan Blum reviews a number of mega-trends -- including an increase in online crime, compliance issues, worker mobility, service-oriented architecture (SOA) and open source technologies. These mega-trends also impact industry trends in security and identity management, where exciting opportunities and risks exist. Blum advises information technology planners to complement strong technology architecture and insight with a levelheaded focus on risk management.

In-depth discussion of these trends is a cornerstone of Burton Group's annual Catalyst Conference 2004, taking place July 21-23 in San Diego. Hundreds of Burton Group clients, including network planners, architects, and IT decision makers will attend to learn more about these trends and how to prepare for and capitalize on them in today's challenging business environment.

Online Crime - Threats and Vulnerabilities Abound

Burton Group is concerned about the possibility of a Zero Day worm that might appear prior to any published vulnerability or patch and, therefore, do great damage before it can be stopped. With increased functionality, code size and complexity in both Windows and Linux distributions; persistent application quality problems; and the difficult challenge of protecting against insider attacks, vulnerabilities are likely to increase.

Compliance Issues - Increasing Regulation Spawns Compliance Maze

Due to complex and new regulations, there is no simple standard for appropriate enterprise security. Difficulties arise when organizations have not mapped the regulations or have difficulty cutting through pages of regulatory interpretations to determine real risks and identify a set of "reasonable controls."

Mobile Workers - New Enterprise Security Challenges

Wireless LANs and mobile devices are creating security holes in enterprises' defensive posture, raising additional risk of intellectual property loss or infection of business systems with malware. "Protection measures on mobile devices or wireless PCs require well designed security protocols, devices, configuration management and provisioning," says Blum.

SOA - Service-Oriented Architecture Promises Security Risks and Rewards

Wide adoption of Simple Object Access Protocol (SOAP), Web services security (WS-Security), and other standards will lead to greater consistency in the way distributed software components communicate. "Reduced interdependency and increased consistency should improve security in the transition from tightly coupled to loosely coupled (or SOA) distributed computing approaches," say Blum, "but new risks will aggregate around distributed, reusable components."

Open Source - Coming Into its Own

Open source is driving innovation in infrastructure components, or standards. "Linux has generally better reliability and on-the-box security than Windows," says Blum, "however, Windows has better built-in distributed domain management and domain security components."

Security Trends - Patching the Extended Perimeter

Worms and viruses have forced enterprises to extend perimeters and adopt patch management as yet another technology that only addresses the symptoms of poor software design and development. Vendors are struggling to address the customers' real needs for compliance and integration of burgeoning security solutions. "The various demands on IT security make wise governance and well-conceived security and identity management architectures all the more important," says Blum.

Identity Management Trends - Ever-Increasing Privacy Issues

Directories are the foundation for identity-based security. The need to integrate complex, overlapping access management and user management functions above directories is driving vendors to offer identity management suites, and partnerships. Virtualization and federation are extending the value of directory repositories, while highly personalized systems with granular authorization data present ever-increasing privacy issues. "Emerging identity management standards such as Security Assertion Markup Language (SAML) and the widespread use of Extensible Markup Language (XML) and Web services programming models are making it easier for applications to leverage identity services," says Blum.

About Burton Group

Burton Group -- www.burtongroup.com -- is the only enterprise IT research and advisory services firm focused exclusively on infrastructure technologies. Burton Group's unbiased, in-depth, technical research and advice helps IT technologists and architects make smart enterprise architecture decisions in increasingly complex environments.

Burton Group covers directories, security, identity management, application platforms, architecture, and network and telecom infrastructure topics.

Contact: Amie G. Johnson Burton Group PR Manager 801-304-8136 ajohnson@burtongroup.com