Traditional security features don’t stand a possibility in a knowledge-centric world. But inside the crisis lie opportunities for IT security pros.

Information security discussions have moved from wiring closets to corporate boardrooms. In early 2012, Bloomberg Government and the Ponemon Institute issued a study that showed 172 US-based organizations — from multinational corporations to the government — spend a combined $5.3 billion on cybersecurity.

These institutions estimated they are going to spend $46.6 billion to adequately address today’s attacks — from state-sponsored campaigns to rogue activism that threaten data and the nation’s critical infrastructure. Our systems are becoming so tied to the net, this “grid” could be compromised with a single swipe. The threat is real, relevant, and happening instantly.

It appears 2013 might be remembered because the year when the avalanche of knowledge — from social media and enterprise big data — collided head on with our ability to keep up the safety and privacy of that data. The info generated by individuals, corporations, and government organizations is exploding and might neither be contained nor controlled. Chief information security officers (CISOs) and IT professionals, because the stewards of that data, with conventional approaches are bringing a sword to a gunfight.

[ Here’s tips to make your network more bulletproof. Read Can Your Network Beat Malware? ]

The world has become fluid. There are few enforceable boundaries between the company and the non-public, the local and the remote, the datacenter and the cloud. In keeping with Cisco’s Global Mobile Data Traffic Forecast, by the tip of this year, “the choice of mobile-connected devices will exceed the choice of people on this planet.” Data is being consumed and produced across billions of devices scattered across ad-hoc network connections and crossing boundaries without pause. There is no perimeter within the cloud and the tools we haven’t any longer work.

As a venture capitalist actively investing within the security market, I see three critical issues and related opportunities for info security pros:

1. Walled gardens became wild gardens
CISOs are losing the protection arms race. Even highly secure organizations — including the protection companies themselves — were breached. The reason being simple: the safety model traditionally applied not matches the $64000 world. Systems fail on account of an try to control and contain by drawing boundaries, while data, users, and devices have become dynamic and mobile. Data has become liquid. Location-centric, device-centric, port-centric tools are simply inadequate to the duty.

Security architecture has to become both dynamic and adaptive. Security tools turns into more automated, using machine learning and massive data analytics to reply to attacks. This would be done in a more fluid manner, fascinated about the info and the applications themselves and not more at the port and the device. CISOs must re-architect their security paradigm and put money into data-centric approaches including DNSSEC, AES encryption, and TLS/SSL, and assume their perimeter was compromised.

2. BYOD = BLOT
Organizations tolerate a “bring your individual device” policy, nevertheless it actually “brings a lot of trouble.” Intellectual property leaks are multiplying. The explanation? Security is targeted at the containers as opposed to the information itself. Mobile security is generally about device management. Datacenters and operating systems protect their perimeter with network and file-access controls. This containment model is failing since the data is moving too fast between devices and users. Even the NSA fell victim with an internal, human-led compromise. Mobile device makers are rushing so as to add containment controls, akin to fingerprint scanners, but there’s still inadequate talk about the info itself.

More Insights