The financial services industry will see an increase in security professionalism this year, predicts Jonathan Gossels, president of SystemEXPERTS, a Sudbury, Mass.-based security consultancy. "Instead of security being an afterthought, many financial institutions are recognizing that security is critical, and they're institutionalizing it into their development life cycles and standard operating procedures," he says. Gossels explains the top five securities trends for 2005:
1. Transition to defense in-depth: A high-level, long-term, very strategic evolution of the way financial services institutions (FSIs) deal with security. Instead of just securing the perimeter, FSIs are building security into all the aspects of their IT infrastructure: networks, systems applications, policies and practices.
2. Management of complexity: Security has expanded into so many areas that keeping it all straight and making sure that the highest-priority projects really happen is a difficult problem. FSIs are developing a "security dashboard," where they can illustrate all their security areas and grade themselves through a color code; for example, intrusion detection is red (worst), what can we do to move to green (best)?
3. Acceleration of time frames: The world of IT and security is accelerating. It used to be that when new software patches or updates came out, companies would deploy them over a period of weeks or months. Now, the time frames for deployment are often measured in hours. The software development cycle is also increasing in speed, and organizations need to design, implement, test and deploy new functionality a lot faster than before.
4. Regulatory compliance: Regulations such as Sarbanes-Oxley and Gramm Leach Bliley have affected processes around accountability, protection of personal privacy information, disclosure policies and integrity of reported information.
5. Changing of threat environment: Historically, FSIs had to protect themselves only from tech-savvy teen hackers. Today, the threats come from more destructive intruders sponsored by organized crime, hostile governments and terrorists.