One broad theme is that the internal threat to the organization has come to be seen as every bit as serious as threats from outside. IT security may be able to create the greatest perimeter in the world, but if it's compromised by an embittered ex-employee, a financially motivated identity thief or a current employee falling victim to carelessness, security officials must be able to deal with these realities.
Thus, activity is increasing "behind the firewall." Security administrators want to control and monitor all users' digital communications (not just email), as much as they want to detect and block intruders. Tools and technologies that help set up policies to protect and ensure proper internal data usage, constrain users from certain areas and audit activity to enforce security are currently areas for potential growth and investment.
The perimeter itself is also changing, with the current static firewall evolving into an active, next generation firewall solution. This new firewall ultimately will resemble an intrusion prevention system in the way it detects and blocks undesirable users and activities. We see firewalls and intrusion prevention systems merging together as vendors seek to deliver on the promise of unified threat management (UTM).
Convergence of this kind is an often touted theme. And consolidation of security from end-point solutions into a more central product, particularly the router, continues to take hold. This long-developing trend, we believe, is finally reaching market readiness, as vendors are beginning to promote UTM solutions. However, the challenge of maintaining necessary throughput is still an issue, which perhaps highlights another area of opportunity. Whether routers and switches will produce best-in-class security is, at this time, unknown. But routers with significantly centralized security features will have a role in the IT security market.
Another trend that is likely to continue to unfold is the integration of network and security systems. Today, senior managers outside the IT function want to be able to view and use network security data to evaluate risk and make decisions. Common APIs and standard data interfaces will make possible security management reporting systems that allow senior managers to act on security data with greater ease than ever. In this fashion, the evolution of security data management may resemble systems management applications, and should integrate with these applications and vendors over time, as well.
One final early market idea, and thus perhaps area of investment, that we see today is for security to be provided in the network cloud. In this scenario, large ISPs such as AT&T and BT that provide core trafficking of data and network activity, may look to provide security as a service. Security applied in this fashion before the application level may not be able to handle all threats. But for globe-roaming viruses, node-to-node security provided in the cloud will be a significant and useful addition to a "defense in depth" strategy.
In identifying these trends, we've done more than focus on individual new threats or specific emerging technologies. Instead, we've discussed the places where two or more developments may be juxtaposed and reinforce each other. There's no way to know precisely what tomorrow's data bandits will conceive, or what tomorrow's enterprise executives will demand. But security vendors and customers who look for and incorporate the next wave of significant developments from these sectors will be well positioned to withstand the major changes in IT security for some time to come.
Peter Bollier has been a partner and financial executive with 3i since 1984.
David Shapiro, director, has been with 3i since 2001. He can be reached at david.shapiro@3i.com.
