《安全趋势IDCInformationSecurityTrends》由会员分享,可在线阅读,更多相关《安全趋势IDCInformationSecurityTrends(15页珍藏版)》请在金锄头文库上搜索。
1、安全趋势安全趋势 IDC Information Security TrendsIAM Market Drivers 2004/2005Compliance RegulationsEnterprise SSOPassword ManagementNAC2006 and Beyond: Trends in Identity and Access MgtCompliance still a primary driver, will enter SMB Proliferation of Partnerships: IAM infrastructure + Adv. Auth. technologie
2、sHybrid USB tokens, Smart Cards continue to evolveViable consumer market emerges in 2007/2008Suite providers continue to do well, provide necessary foundation for full SOA-enabled environmentsWorldwide IAM Compliance 20052010 Revenues and Year-to-Year Growth05001,0001,5002,0002,500200520062007200820
3、092010 (US$M)Worldwide Authentication Token Revenue by Type05010015020025020042009HW TokenUSB TokenSLAT*Auth. ServerSource: IDC, 2005$492.$764. ($M)*Software Licensing Authentication TokensApplication-Centric; An Emerging Approach to IAMCompanies such as SAP and Sun partnering for more cohesive appl
4、ication-centric Identity Infrastructure solutionsExample: Suns Java System Identity Mgt Suite now integrated with SAPs Virsa Access EnforcerProvides customers with:realtime insights into user access and resourcesautomates manual process for prov./deprov.enhances compliance capabilitiesautomatic dete
5、ction, notification and remediationApp-centric IAM, continuedOracle also leading this chargeWill be migrating IAM suite over time to function not only as part of app-server solution, but will integrate with Oracle apps suite as well. Will provide customers with following benefits:automate account cr
6、eation with role privileges part of a single business process within org. reduces maintenancereduces man hours reduces costWeb-Services and IAM Come of AgeCompanies migrating towards Web Services. This will allow IAM vendors to:Morph access control technology into a set of container-based functionsH
7、ave these functions will be delivered as part of a standards-based middleware policy frameworkEventually enable IT professionals to deliver security as as set of services, eliminating the need for separately upgrading each and every system on the networkID&AM Trends and DirectionsMulti-Factor Authen
8、ticationSystem Mgt-Centric IDApplication-Centric IDSOA & WSNACWirelessInformation Security Trends (1 of 3)qExternal and Internal Criminals Will Begin Fixing Security Vulnerabilities on Attacked Sites qAttackers Will Exploit Vulnerabilities in Previously Installed Spyware and Other Malicious Code qSk
9、ype and Other VoIP Products, Along with Associated Instant Messaging Applications, Will Receive More Attention from Corporate Customers qCustomers Will Build Internal Policy Controls That Extend Previous Regulatory Compliance Efforts Information Security Trends (2 of 3)qIn Response to Growing Consum
10、er Issues such as Privacy Disclosures, Identity Fraud, and Rising Public/Private Oversight, Online Financial and Merchant Services Will Require Stronger Authentication Methods Beyond Simple PINs and Passwords qAttackers and Legitimate Security Researchers Will Broaden Their Scope qAs Network Devices
11、 Embed More Security Features, We Believe That the Market Will Move Toward Proactive Management to Handle Increasingly Heterogeneous Security EnvironmentsInformation Security Trends (3 of 3)qUnified Threat Management Will Increasingly Dominate Security Appliances, and Other Software Security Product
12、s Will Increasingly Migrate to Appliance-Based Platforms qConsumer Security Will Move from Products to Services qOver the Next Five Years, We Believe That IT Security Will Slowly Start to Assimilate Physical Security such as Door Systems and Video Surveillance Server Security Requirements for Vertic
13、al MarketsqFinancial Server requirements have 50% mainframeqMainframe tends to be more centralized.qHealthcare is less IT intensive, less centralizedqHealthcare is further behind financial services in developing ITqFinancial Service data is more secure and GLBA affects privacyEmerging Killer Apps in
14、 Security?qVirtual hosted desktops not a killer and not even a mainstream.qVirtual Hosted Clients with virtualized server contain many copies of desktop. No local data availability just bring home the RDP client. Very limiting.qConclusion: killer apps do not come along very often.OS & Security?q OS Vendors MUST be perceived as secure. q Todays security products are tomorrows features.q Pop up blockers are not part of IE and toolbars.q Anti-spyware is now part of IE and toolbars.