Predicting the Business Impact of 2013 IT Trends
By Ramsés Gallego
2013: The Year of Collaboration
The economic depression has already resulted in greater collaboration between businesses and organisations. In the next 12 months, I believe it will develop to form the basis of ‘always-on’ collaboration. The explosive combination of cloud, with increased mobility, plus advancements of social media will see many utilising a heady mix of communication channels to remain in touch: instant messaging, email, video-chat. 2013 is the dawn of the post-PC era.
A ‘Cloudified’ World
The foundations of cloud have been sunk, and there they will remain, as companies have invested billions of dollars into it. What will change is its infusion with the fabric of operating systems—meaning increasingly more people and organizations will embrace it. Unfortunately, however, the name does now have negative connotations; so in all probability, time will see it rebranded—be it Air, Vapour or even Breeze. I predict, as most operating systems have seamless integration with the cloud, there will be the advent of the ‘Personal Cloud’ before anyone notices.
- -Among people using the cloud for mission-critical services, there is a 25-point difference between those who use private (34 percent) versus public (9 percent).
- -One of the top three high-risk actions employees can take is using an online file-sharing service, such as Dropbox or Google Docs (67 percent).
- -The most effective way to reduce IT risk is to educate employees (36 percent).
For too long, organizations have been collecting information with the result that many are drowning in a sea of data. But that could be about to change. To reverse this trend, organizations will not only require storage, but introduce the right architecture and technology that will allow the digestion of this ‘information overload’ to analyze and convert it into actionable intelligence.
Enterprise App Stores
Combined with bring-your-own-device (BYOD), I predict companies will need to introduce their own marketplaces. These ‘app stores’ will allow the provision of the workforce and their devices. It will mean central decisions can be made dependent on who the person is, what they are doing, where they are and when they are doing it. When linked with existing identity and access management solutions, it has the potential to deliver a powerful combination.
Continuing on from the previous theme, and its relevance to identity management and access governance, companies will need to revaluate their deployment of RBAC (Role-Based Access Control). I believe the time has come for the introduction of CBAC (Context-Based Access Control) or perhaps ABAC (Attribute-Based Access Control). Access to sensitive information should be permitted dependent on who someone is, combined with when, where and how they are connected.
Beyond Management: Governance
Segregation of duties is an increasingly complex issue organizations are struggling to comprehend. However, there has to be a differentiation in terms of who does what. Management (execution, tactics, running the environment) needs to be separated from governance (having the vision, evaluating, directing). ISACA’S COBIT 5 will provide a solid foundation for organizations, which is the first framework that establishes the need to separate roles.
The ‘Internet of Things’
The world is changing very fast and, while this might be true, I believe countries or even vast organizations will start to develop their own Internet and this trend will continue. One driver of this trend I believe is political, but could also be to introduce protective and preventive measures—a secure Internet, or a place where safety can be assured. What is for certain is that, with more than 200 billion devices connected, the beginning of ‘The Internet of Things’ is just around the corner.
Growing Privacy Concerns
In the coming year, IT professionals will have to manage not just threats of data leakage and identity theft, but also growing consumer and employee concerns about data privacy.
The protection of private data often referred to as personally identifiable information (PII) is the responsibility of both organizations and individuals. Organizations need to ensure that PII is managed and protected throughout its life cycle by having a governance strategy and good processes in place. Individuals must think before they provide their PII to a third party; your bank is very different to an offshore gambling website. People need to be aware of the value of the information they are providing and assess if they can trust the party to whom they are giving it. Data protection involves improving people’s awareness using best-of-breed technology and deploying sound business processes.
The consumerization of IT, confidentiality of location-based information, privacy-by-design, and an increase in legislative and regulatory mandates that will drive more privacy audits are among the top 2013 trends in data privacy that ISACA anticipates will need to be addressed.
COBIT 5 helps business leaders govern privacy, evaluate the risk around privacy ensure proper security management and effectively govern sensitive information. The framework is available as a free download from www.isaca.org/cobit. For free resources that help calculate cloud ROI and help ensure security in the cloud, visit www.isaca.org/cloud.
Ramsés Gallego is International Vice President of ISACA and Security Strategist for Quest Software, now part of Dell.