RSA 2012 preview: The top trends in IT security

Later this month, information security professionals will descend upon San Francisco for RSA Conference 2012 to discuss the latest trends impacting corporate network security practices.

In a preview of what attendees can expect at the conference, RSA hosted a teleconference on Wednesday with several security analysts who will be speaking at the conference including; John Kindervag, of Forrester Research; Andrew Hay, of 451 Research; and Pete Lindstrom, of Spire Security.

There have been large data breaches reported at several large organizations over the last year, as well as an uptick in the concept of "hactivism" with groups such as Anonymous breaking into and stealing sensitive data from companies and government agencies who they believe are profiteering from or unfairly targeting global social movements like Occupy Wall Street.

While these security threats will continue to loom large from a public perspective over the IT security landscape, there are other concerns on the horizon that could have an enormous impact on the overall industry including how organizations secure big data and mobile devices.

According to the analysts, there has been a lot excitement in the industry over the potential of big data technology and how it could be used to cost-efficiently store the massive amounts of information generated by organizations. However, Kindervag warned that just because an organization now has the capability to warehouse all of its information, it doesn't mean that all of that information is necessarily safe.

"Everyone is getting excited about creating the big data repository, but people are not paying attention to the toxic data in those places," he said. "I think there is good and bad to big data."

There is also the potential with big data for hackers to be able to disguise their intentions, making it seem as if they want to attack one area of an organization's network while they actually intend to go after another.

"Theses are very, very smart adversaries that we have and we should never underestimate them," Kindervag said.

Another big issue facing security executives is the proliferation of mobile devices and how to safely provide them with access to the network.

Until recently, Hay said that many organizations have not done very much with regards to the security of mobile devices on their networks as they were more focused on securing their own end-points.

"I suspect a lot of organizations have wrapped up a lot of those projects to secure their endpoints and are now starting to look at other sources of data exfiltration and mobile is definitely one of the things," Hay said. "With any new technology, security is generally an afterthought."

Hay said securing mobile devices goes beyond traditional network security considerations and that IT security managers have to consider whether they want to have firewalls on these devices, as well as if employees are even going to allow for the installation of security controls on their smartphones and tablets.

"We have to look at how can we secure these devices in an unconventional way? Mobile creates a big problem from a management scalability issue," Kindervag added. "We are going to have to create some new technologies and methodologies to protect our data."

In terms of the continuing convergence of IT and physical security, Kindervag said that he expects more of the responsibility for physical security to be placed on CISOs. He added, however, that while CISOs may bear more responsibility for the implementation of camera systems and things of that nature, they still have no experience with regards to other aspects of a physical security manager's job, such as running a guard force.

"I think there is kind of an alliance there that is a little unnerving to both," he said.