Traditional security features don’t stand an opportunity in an information-centric world. But inside the crisis lie opportunities for IT security pros.

Information security discussions have moved from wiring closets to corporate boardrooms. In early 2012, Bloomberg Government and the Ponemon Institute issued a study that showed 172 US-based organizations — from multinational corporations to the government — spend a combined $5.3 billion on cybersecurity.

These institutions estimated they’ll ought to spend $46.6 billion to adequately address today’s attacks — from state-sponsored campaigns to rogue activism that threaten data and the nation’s critical infrastructure. Our systems are becoming so tied to the web, this “grid” could be compromised with a single swipe. The threat is real, relevant, and happening straight away.

It appears 2013 might be remembered because the year when the avalanche of knowledge — from social media and enterprise big data — collided head on with our ability to keep the safety and privacy of that data. The info generated by individuals, corporations, and government organizations is exploding and might neither be contained nor controlled. Chief information security officers (CISOs) and IT professionals, because the stewards of that data, with conventional approaches are bringing a sword to a gunfight.

[ Here’s easy methods to make your network more bulletproof. Read Can Your Network Beat Malware? ]

The world has become fluid. There are few enforceable boundaries between the company and the private, the local and the remote, the datacenter and the cloud. In response to Cisco’s Global Mobile Data Traffic Forecast, by the tip of this year, “the variety of mobile-connected devices will exceed the choice of people on the earth.” Data is being consumed and produced across billions of devices scattered across ad-hoc network connections and crossing boundaries without pause. There isn’t a perimeter within the cloud and the tools we don’t have any longer work.

As a venture capitalist actively investing within the security market, I see three critical issues and related opportunities for info security pros:

1. Walled gardens are getting wild gardens
CISOs are losing the safety arms race. Even highly secure organizations — including the safety companies themselves — was breached. The reason being simple: the safety model traditionally applied not matches the true world. Systems fail as a result of an try to control and contain by drawing boundaries, while data, users, and devices have become dynamic and mobile. Data has become liquid. Location-centric, device-centric, port-centric tools are simply inadequate to the duty.

Security architecture has to become both dynamic and adaptive. Security tools turns into more automated, using machine learning and huge data analytics to reply to attacks. This can be done in a more fluid manner, inquisitive about the info and the applications themselves and not more at the port and the device. CISOs have to re-architect their security paradigm and put money into data-centric approaches along with DNSSEC, AES encryption, and TLS/SSL, and assume their perimeter was compromised.

2. BYOD = BLOT
Organizations tolerate a “bring your individual device” policy, however actually “brings a variety of trouble.” Intellectual property leaks are multiplying. The explanation? Security is concentrated at the containers in preference to the info itself. Mobile security is generally about device management. Datacenters and operating systems protect their perimeter with network and file-access controls. This containment model is failing since the data is moving too fast between devices and users. Even the NSA fell victim with an internal, human-led compromise. Mobile device makers are rushing so as to add containment controls, akin to fingerprint scanners, but there’s still inadequate do something about the information itself.

More Insights