Upload
augustus-hood
View
218
Download
2
Embed Size (px)
Citation preview
www.idc.com
Copyright 2006 IDC Reproduction is forbidden unless
authorized. All rights reserved.
Information Security Trends
IAM Market Drivers 2004/2005IAM Market Drivers 2004/2005
Compliance Regulations
Enterprise SSO
Password Management
NAC
2006 and Beyond: Trends in Identity and Access Mgt2006 and Beyond: Trends in Identity and Access Mgt
Compliance still a primary driver, will enter SMB Proliferation of Partnerships: IAM infrastructure +
Adv. Auth. technologies Hybrid USB tokens, Smart Cards continue to evolve Viable consumer market emerges in 2007/2008 Suite providers continue to do well, provide
necessary foundation for full SOA-enabled environments
Worldwide IAM Compliance 2005–2010 Revenues and Year-to-Year GrowthWorldwide IAM Compliance 2005–2010 Revenues and Year-to-Year Growth
0
500
1,000
1,500
2,000
2,500
2005 2006 2007 2008 2009 2010
(US$M)
Worldwide Authentication Token Revenue by TypeWorldwide Authentication Token Revenue by Type
0
50
100
150
200
250
2004 2009
HW Token
USB Token
SLAT*
Auth. Server
Source: IDC, 2005
$492. $764.
($M)
*Software Licensing Authentication Tokens
Application-Centric; An Emerging Approach to IAMApplication-Centric; An Emerging Approach to IAM
Companies such as SAP and Sun partnering for more cohesive application-centric Identity Infrastructure solutions
Example: Sun’s Java System Identity Mgt Suite now integrated with SAP’s Virsa Access Enforcer
Provides customers with:– realtime insights into user access and resources– automates manual process for prov./deprov.– enhances compliance capabilities– automatic detection, notification and remediation
App-centric IAM, continuedApp-centric IAM, continued
Oracle also leading this charge
Will be migrating IAM suite over time to function not only as part of app-server solution, but will integrate with Oracle apps suite as well.
Will provide customers with following benefits:– automate account creation with role privileges – part of a single business process within org.– reduces maintenance– reduces man hours– reduces cost
Web-Services and IAM Come of AgeWeb-Services and IAM Come of Age
Companies migrating towards Web Services. This will allow IAM vendors to:
Morph access control technology into a set of container-based functions
Have these functions will be delivered as part of a standards-based middleware policy framework
Eventually enable IT professionals to deliver security as as set of services, eliminating the need for separately upgrading each and every system on the network
ID&AM Trends and DirectionsID&AM Trends and Directions
Multi-Factor Authentication
System Mgt-Centric ID Application-Centric ID
SOA & WS
NAC Wireless
Information Security Trends (1 of 3)Information Security Trends (1 of 3)
External and Internal Criminals Will Begin Fixing Security Vulnerabilities on Attacked Sites
Attackers Will Exploit Vulnerabilities in Previously Installed Spyware and Other Malicious Code
Skype and Other VoIP Products, Along with Associated Instant Messaging Applications, Will Receive More Attention from Corporate Customers
Customers Will Build Internal Policy Controls That Extend Previous Regulatory Compliance Efforts
Information Security Trends (2 of 3)Information Security Trends (2 of 3)
In Response to Growing Consumer Issues such as Privacy Disclosures, Identity Fraud, and Rising Public/Private Oversight, Online Financial and Merchant Services Will Require Stronger Authentication Methods Beyond Simple PINs and Passwords
Attackers and Legitimate Security Researchers Will Broaden Their Scope
As Network Devices Embed More Security Features, We Believe That the Market Will Move Toward Proactive Management to Handle Increasingly Heterogeneous Security Environments
Information Security Trends (3 of 3)Information Security Trends (3 of 3)
Unified Threat Management Will Increasingly Dominate Security Appliances, and Other Software Security Products Will Increasingly Migrate to Appliance-Based Platforms
Consumer Security Will Move from Products to Services
Over the Next Five Years, We Believe That IT Security Will Slowly Start to Assimilate Physical Security such as Door Systems and Video Surveillance
Server Security Requirements for Vertical MarketsServer Security Requirements for Vertical Markets
Financial Server requirements have 50% mainframe
Mainframe tends to be more centralized.
Healthcare is less IT intensive, less centralized
Healthcare is further behind financial services in developing IT
Financial Service data is more secure and GLBA affects privacy
Emerging Killer Apps in Security?Emerging Killer Apps in Security?
Virtual hosted desktops — not a killer and not even a mainstream.
Virtual Hosted Clients — with virtualized server contain many copies of desktop. No local data availability just bring home the RDP client. Very limiting.
Conclusion: killer apps do not come along very often.
OS & Security?OS & Security?
OS Vendors MUST be perceived as secure.
Today’s security products are tomorrow’s features.
Pop up blockers are not part of IE and toolbars.
Anti-spyware is now part of IE and toolbars.