CTO Blog

Opinions expressed on this blog reflect the writer’s views and not the position of the Capgemini Group

'New' security is a $4 billion market in 2011

Sally Hudson, an IDC analyst, positioned the new role of security recently at a high profile global event (the Cloud Identity Summit at the end of July) by defining it as the external necessity for an enterprise to be able to do business with any other enterprise. This is already driving the growth rate which will make a $6 billion market in 2016, at which point it would equate to more than 10% of enterprise applications’ spend. However, this rapidly growing market is not about traditional IT department security measures such as firewalls, which allow enterprise applications to be deployed internally with little or no regard to the issue of security. Instead it is the embedding of key elements into all hardware and software.

Reading the presentations and material from the Cloud Identity Summit really highlights a lot of the issues that we are all facing in managing 'security' in our enterprises today. There is a strong shift in the focus required towards people, devices, and services, and the ability to use these to drive the new wave of external business-to-business or consumer-to-business that has been the basis for strong growth in certain technology sectors.

As an example of this the US Government has announced plans to introduce, by 2016, a 'National Strategy for Trusted Identities in Cyberspace', NSTIC, to 'allow State and Private Business to get the full benefit of eCommerce'. The approach will allow multiple schemes for identity management to be developed and used but within a set of common standards.

Pilots are underway and the US Department of Defense, DOD, reported that the shift to a well managed scheme 'cut intrusions by 46% in days', a point not lost on many CIOs. At the same time the planned shutdown of more than 500 US Government data centers and the use of either virtualization or cloud technology for consolidation is a further demand for a new approach to security. The Federal Chief Performance Officer stated 'moving to a more nimble 21st century model will strengthen our security and the ability to deliver services for less'. A pretty familiar statement of ambition for most CIOs today!

But what is the link to ‘new’ security and the focus on identity security and people? In working through the impact of clouds and new technologies such as tablets changing working practices here at Capgemini, we find it convenient to divide this into two pieces; inside-out and outside-in. Inside-out is the traditional IT where the focus remains on the application and server to provide governance and authentication, albeit through a single sign on service, and includes access to a chosen application from a mobile device. The key point being that everything is controlled from ‘inside’, even in the case of old style access to an enterprise application from a dedicated device that was physically outside the firewall.

The new and more challenging aspect is outside-in, where people usually have more than one device, e.g. home PC, smartphone and tablet, and use these devices widely to access a variety of 'services' via the Internet. Some of these are good old content from a web server, historically of relatively low risk, but increasingly they may be small applets, apps from a variety of app shops, or even full-on cloud-based complex sets of 'services', which are a very different risk proposition. These accesses will include their own enterprise, both for traditional enterprise applications and for 'new' style 'services'. This combination introduces a risk profile that is new and definitely in need of securing. Just consider the widely reported hacks that Sony and others have endured as their inside-out application-based systems have been accessed via their outside-in services.

As the most obvious constant in this outside-in environment is the user rather than the location, device, server or application, the need to refocus security models, tools and architecture is pretty obvious. As most enterprises will have very little in place for this, even though they will probably find that a reasonable number of their users have already changed their working practices and devices, it seems a safe bet that the predictions as to the growth of the security market will come true! So it’s well worth taking a look at the Cloud Identity Summit to pick up some views and information on this topic!

By the way, I have not described the excellent work of the Jericho Forum on security and their development of architectures that secure all the elements of an interaction/process, or other equally good developments on identity management such as Security Assertion Markup Language, SAML, only because of lack of space and wanting to focus on the change in what needs to be secured.

About the author

Andy Mulholland
Capgemini Global Chief Technology Officer until his retirement in 2012, Andy was a member of the Capgemini Group management board and advised on all aspects of technology-driven market changes, together with being a member of the Policy Board for the British Computer Society. Andy is the author of many white papers, and the co-author of three books that have charted the current changes in technology and its use by business starting in 2006 with ‘Mashup Corporations’ detailing how enterprises could make use of Web 2.0 to develop new go to market propositions. This was followed in May 2008 by Mesh Collaboration focussing on the impact of Web 2.0 on the enterprise front office and its working techniques, then in 2010 “Enterprise Cloud Computing: A Strategy Guide for Business and Technology leaders” co-authored with well-known academic Peter Fingar and one of the leading authorities on business process, John Pyke. The book describes the wider business implications of Cloud Computing with the promise of on-demand business innovation. It looks at how businesses trade differently on the web using mash-ups but also the challenges in managing more frequent change through social tools, and what happens when cloud comes into play in fully fledged operations. Andy was voted one of the top 25 most influential CTOs in the world in 2009 by InfoWorld and is grateful to readers of Computing Weekly who voted the Capgemini CTOblog the best Blog for Business Managers and CIOs each year for the last three years.
