About a year ago, Intense School reached out to Tracy Lenzner, founder and CEO of Williamsville, New York-based LenznerGroup, to get her predictions for the IT/IS industry in 2014.
Over the course of the interview, Lenzner – whose company is a premier leader in executive search services dedicated to global security, cyber defense, technology risk management and digital transformation arenas – touched on things to watch out for, highlighted possible changes afoot, and recommended how IS/IT professionals and businesses could position themselves to benefit.
What follows is an update where we ask Lenzner not only to comment on how she believes her predictions panned out, but also to provide her predictions for 2015.
INTERVIEW WITH TRACY LENZNER
Intense School: Early last year, you shared with Intense School your predictions as per the top five tech trends for 2014. Overall, how do you think you did?
Lenzner: Very well. My predictions seem to track the majority of 2014 trends identified. Overall, the marketplace was a hotbed for business and consumer enabled technologies, cyber incidents and global awareness. Despite last year’s confidence in organizations’ enterprise security programs, 2014 was a tough year. Riddled with successful and very public cyber attacks, stagnant budgets, an increasingly vulnerable Internet and interconnected world, it became clear that we do not have ideal answers or solutions to rapidly emerging unknowns.
Intense School: The first of the anticipated trends you mentioned last year was consumerization. Specifically, you said, among other things, not only that devices linked to Wi-Fi would be exploitation targets, but also that malware in the Android and iPhone spaces would likely increase. Looking back now, did this projection materialize as you had envisioned?
Lenzner: Absolutely. According to SC Magazine [on] January 05, 2015, … ‘Anyone who reads the news or owns a smartphone knows that Android malware is on the rise, but what is surprising is the exponential growth, nearly 300 percent, of that malicious software from 2011 through 2014.’ Overall, mobile threats are soaring and getting worse.
Intense School: Key trend number two on your list dealt with ID and access management. You said that “new encryption technologies, data classification initiatives, greater compliance and enhanced controls” would be needed as a result of threats associated with data breaches and the like. Any comments on how things played out over the past year?
Lenzner: Although this area continued to evolve, it proved not quickly enough for the majority of organizations and consumers. In 2014, a reported 145.6 million individuals/households and businesses were impacted by top breaches including five companies–JPMorgan Chase, Home Depot, Target, Michaels and Community Health. To put it in perspective, this number is roughly the population of California, Texas, Florida, New York, Illinois, Pennsylvania, Ohio and Connecticut combined. Some of these breaches represent password and username solutions that were inadequate. As a result, new solutions for authentication will be required, such as smartphone verification, token or biometric recognition, among others.
Intense School: Enterprise collaboration was trend number three, and you said last year that the deployment of enterprise applications would continue to increase globally. Any thoughts on the year that was as concerns this prediction?
Lenzner: ‘Cloud has become the default development platform for software vendors’ enterprise applications,’ said Bob Muglia, CEO of Snowflake Computing. ‘It is also becoming the default choice for most companies’ packaged applications and is even starting to become the default choice for companies’ internal IT application development projects.’ Propelled by the need for speed and new threat vectors, the enterprise application space is rapidly moving toward real-time data and real-time answers, requiring apps to be fully functional, with prioritization for application security throughout its life cycle. As web and mobile-based threats, network-based threats and physical threats increase worldwide, organizations will be forced to continually develop and/or deploy trusted, cross-platform…solutions.
Intense School: In your fourth prediction, which focused on global frameworks, you said that “new regulations, compliance and risk frameworks” would “play a key role in most organizations.” Did organizations mobilize and move as quickly on this front as you had expected?
Lenzner: Unfortunately, as new mobile/technologies, expanded threat landscape, exponential growth of social media venues, coupled with very public breaches and global espionage events, required reactive focus, versus slower moving policy and regulatory change. Moreover, despite continued efforts towards operationalizing risk frameworks, managing security and compliance programs, there was no marked increase in budgets for technology spend, staffing and training.
Intense School: What about new delivery models, the final of the five predictions you mentioned as part of last year’s list? Did things unfold more or less how you had anticipated?
Lenzner: Yes, [the] expanded delivery models market grew, i.e., new partnerships, private/public alliances, co-sourcing, outsourcing, managed services [and] cloud solutions. [It]…played a key role across products, services and cyber workforce space. This trend will continue throughout 2015 and beyond, as organizations worldwide seek highly specialized, cost effective, flexible and scalable resources.
Intense School: Now that we’ve considered your predictions for 2014, how about a rundown of some of your predictions for top IT/IS trends for 2015?
Lenzner: In a remarkably rapid and brief period of time, we have moved from fixed perimeters to global environments where people, processes and technology are mobile, interconnected and virtual-based assets. From driving one’s car, sitting in an airplane, wearing a pacemaker, to fighting crime and terrorism, physical and digital technologies will continue to converge. And with that, security, risk and privacy, can no longer be separated, siloed or ignored.
2015 begins a paradigm shift in both the U.S. and abroad, with spotlight on financial services, healthcare, technology, mobile carriers, critical infrastructure, manufacturing, government and defense, along with respective supply chains, to provide security, privacy, compliance, risk policy, transparency and resilience.
With that said, regulatory changes and standards are taking shape in the U.S. and abroad. For example, President Obama recently announced his plan to improve confidence in technology by tackling identity theft and improving consumer and student privacy, wanting Congress to pass legislation requiring companies to inform customers within 30 days of a data breach. Globally, the European Union is implementing tough new standards this year, with enforcement starting in 2016 around collection, storage and use of information, along with severe penalties for loss of data and breach notification.
Cloud Service Providers will increase. Data sovereignty concerns will continue for global CSPs, resulting in data centers located in jurisdictions of their customers. Amazon and VMware, for example, recently opened database centers in other countries to meet that country’s customers’ needs.
2015 will see costs, but not necessarily budgets, rise, especially due to regulatory mandated expenses associated with breaches, and privacy and breach laws in both the U.S. and abroad. Global competition for staffing among compliance, security, privacy and risk functions will continue, coupled with greater involvement by legal, HR, C-suite and board.
Internet of Things will become mainstream as technology shifts from traditional end-user products and services to embedded security devices, intelligent systems and some cybernetics. Continued VC investment, M&A activity, public and private partnerships, intelligence sharing and policy changes, in effort towards providing a comprehensive suite of software and related security solutions (such as behavioral — predictive — turnkey analytics performing actionable and controls based algorithms) around cloud, mobile and analytic technologies.
To provide real-time threat detection and response, new managed defense services and unique partnerships to address shared risk will be created [and] positioned to handle a wide range of sophisticated attacks and advanced threats. This trend will accelerate. [A]s both large and small organizations are unable to keep pace with complexity of attacks and threats, more legal, regulatory and compliance will be required. Renewed focus on R&D by both commercial and public sector will help bring new ideas and shared expertise to the marketplace. Organizations dedicated to recruiting, training and retaining the right talent will maximize achieving success.
Intense School: How can IT/IS professionals and companies make the most of these trends?
Lenzner: Security Domains: In terms of function, traditionally information security practice focuses on organizational information assurance, data operations, standards and compliance, while cyber security tends to specialize in cyber defense and incident response. Although the two disciplines may be similar and overlap, there are some fundamental differences in their scope, as well as other critical functions, not included in the above. Given the complexities of Security today, I would anticipate information security will continue to be a main corporate function, while cyber security will also have a specialized role. As technology and threats increase worldwide, security functions and related domains [are] expanding. Therefore, expect to see information security and technology risk management, more than likely as separate functions, reporting into different areas of an organization, as is security architecture and system engineering, big data and analytics, mobility and cloud computing, threat intelligence and response, digital investigation and forensics, cyber law, privacy and policy, physical security, etc. Security professionals who wish to advance and succeed, regardless of his or her experience level or areas of expertise, will require continuous technical and leadership acumen, gained by a combination of education, training, certifications, licenses and industry engagement – for each domain and/or specialization.
Global skills gap will continue to increase. As technology and threats escalate, the cybersecurity workforce shortage is becoming more critical and broadly recognized. Businesses, governments and academia need to provide new approaches for identifying, developing, advancing cyber talent. Advanced education and defined skills training, clear metrics for professional certifications and industry standards, along with progressive career paths, are critically needed. Hard technical skills can be important career differentiators; however, top performers are distinguished by their ability to provide relevant solutions, define vision, strategize and secure support from stakeholders, champion resources and talent required to translate vision into reality.
The year is still young, and there’s much yet to come. But based on what Lenzner has to say, it looks like 2015 will be a busy year filled with opportunities and challenges for IT/IS professionals and companies.