Thursday, October 18, 2012

Gartner Says IT Supply Chain Integrity Will Be Identified as a Top Three Security-Related Concern by Global 2000 IT Leaders by 2017

by Press Releases on October 18, 2012

Gartner’s Maverick Research Special Report Sparks New, Unconventional Insights

STAMFORD, Conn., October 18, 2012 — Enterprise IT supply chains will be targeted and compromised, forcing changes in the structure of the IT marketplace and how IT will be managed moving forward, according to Gartner, Inc. By 2017, IT supply chain integrity will be identified as a top three security-related concern by Global 2000 IT leaders.
These findings are produced as part of Gartner’s Maverick research. Maverick research is designed to spark new, unconventional insights. Maverick research is unconstrained by our typical broad consensus-formation process to deliver breakthrough, innovative and disruptive ideas from our research incubator.
Supply chain integrity is the process of managing an organization’s internal capabilities, as well as its partners and suppliers, to ensure all elements of an integrated solution are of high assurance. Integrity in the IT supply chain is necessary whether the solution is developed in-house or purchased from a third party.
“IT supply chain integrity issues are real, and will have mainstream enterprise IT impact within the next five years,” said Neil MacDonald, research vice president and Gartner Fellow. “In the shorter term, the market for information security offerings will fragment along geopolitical lines. In the longer term, the same will happen for OSs and other IT system infrastructure software, reshaping the IT landscape moving forward. Enterprise IT departments must begin to make changes today to protect their systems and information in a world where all IT systems are suspect. These changes in information protection strategies will help enterprises embrace and adopt cloud computing and consumerization, which have strikingly similar issues with untrusted systems.”
“IT supply chain integrity issues are expanding from hardware into software and information,” said Ray Valdes, research vice president at Gartner. “They are growing more complex as IT systems are assembled from a large number of geographically diverse providers, and are now of mainstream concern to enterprise IT. These issues are not just about defense and intelligence. This has significant implications for businesses, governments and individuals moving forward in a world where the integrity of the IT supply chain is no longer completely trustable, and where all layers of the IT stack will be targeted for supply chain compromise.”
The IT supply chain has become more complex, fine-grained, globally distributed and volatile in the sense that rapid change provides the opportunity to introduce compromises. Hardware vendors are increasingly outsourcing not just manufacturing, but also design to OEM suppliers and contractors located in Asia and India. In some cases, established Asian suppliers are outsourcing to emerging economies, such as Brazil, Vietnam and Indonesia. This is a complex problem, since most hardware systems are a conglomeration of components and subsystems procured from a large number of individual providers.
However, Gartner analysts said most hardware systems include software-based elements (at a minimum, firmware and drivers), with the trend to shift more intelligence out of hardware and into software. In an information- and software-based economy, IT supply chain integrity must extend to include the following:
Software supply chains — This includes components, frameworks, middleware, language platforms, virtual machines (VMs) and operating systems (OSs), but also the software infrastructure and environment for software distribution and updates (such as DNS, identity, application store packaging and digital certificates).
Ensuring the integrity of software supply chains is a more difficult problem because of the increased use of offshore development, the relative ease of cloning software, and the ongoing need to keep software patched and updated via trusted mechanisms.
Information supply chains — Information is now becoming available from a variety of sources — from partners, suppliers and cloud-based services, such as data from Google Maps, Twitter, Facebook and Amazon. This information can be incorporated into connected applications, information marketplaces and the information integrated from partners in an extended supply chain ecosystem. Critical decisions will be based on information assembled from many other sources, creating a similar supply chain integrity issue to that of hardware and software.
Additional information is available in the report, “Maverick* Research: Living in a World Without Trust: When IT’s Supply Chain Integrity and Online Infrastructure Get Pwned.” The report is part of the Gartner Special Report “Drive Disruptive Innovation with Maverick* Research.” This Special Report explores high-impact future scenarios that help companies think differently to uncover opportunity and enable innovation. This collection of research is intentionally disruptive and edgy to help IT leaders get ahead of the mainstream and take advantage of trends and insights that could impact their IT strategy and their organization. The Special Report is available at http://www.gartner.com/technology/research/maverick/.
Mr. MacDonald and Mr. Valdes will provide additional analysis at Gartner Symposium/ITxpo in Orlando, October 21-25.
About Gartner Symposium/ITxpo
Gartner Symposium/ITxpo is the world’s most important gathering of CIOs and senior IT executives. This event delivers independent and objective content with the authority and weight of the world’s leading IT research and advisory organization, and provides access to the latest solutions from key technology providers. Gartner’s annual Symposium/ITxpo events are key components of attendees’ annual planning efforts. IT executives rely on Gartner Symposium/ITxpo to gain insight into how their organizations can use IT to address business challenges and improve operational efficiency.

IBM releases ten integrated security solutions

Posted on 18 October 2012.
IBM announced a broad set of security software to help holistically secure data and identities.


IBM’s new software capabilities help clients better maintain security control over mobile devices, mitigate internal and external threats, reduce security risks in cloud environments, expand database security to gain real-time insights into big data environments such as Hadoop, and automate compliance and data security management.

Along with IBM Security Services and IBM’s world-class research capabilities, this set of scalable capabilities supports a holistic, proactive approach to security threats spanning people, data, applications and infrastructure.

“A major shift is taking place in how organizations protect data,” said Brendan Hannigan, General Manager, IBM Security Systems. “Today, data resides everywhere—mobile devices, in the cloud, on social media platforms. This is creating massive amounts of data, forcing organizations to move beyond a traditional siloed perimeter to a multi-perimeter approach in which security intelligence is applied closer to the target.”

According to the 2012 IBM Global Reputational Risk and IT Survey, global senior executives identified IT risks -- ranging from data thieves to the use of emerging technologies including cloud, mobile and social media -- as a major cause of concern. IBM is unveiling ten new products and enhancements to help organizations deliver real time security for big data, mobile and cloud computing.

Real time security for big data environments

As information grows in volume, variety, and velocity, organizations are looking beyond relational data sources to find insights, to make businesses more agile and to answer questions that were previously considered beyond their reach. Today, state of the art technologies including Hadoop based environments have opened the door to a world of possibilities.

At the same time, as organizations ingest more data, they face significant risks across a complex threat landscape and they are subject to a growing number of compliance regulations. Traditional approaches to data protection are often unable to meet these requirements.

With today’s announcement, IBM is among the first to offer data security solutions for Hadoop and other big data environments. Specifically, Guardium now provides real time monitoring and automated compliance reporting for Hadoop based systems such as InfoSphere BigInsights and Cloudera. With federated controls across data sources, clients can understand data and application access patterns, help prevent data leakage and enforce data change controls.

Built-in audit reporting can be used to generate compliance reports on a scheduled basis, distribute them to oversight teams for electronic sign-offs and escalation, and document the results of remediation activities. Organizations can also automate the detection of vulnerabilities and suggest prioritized remedial actions across heterogeneous infrastructures. In addition, IBM offers data masking to de-identify sensitive data as it moves into and out of big data systems.

Mobile security framework improves access and threat protection

Today IBM is announcing risk-based authentication control for mobile users, integration of access management into mobile application development and deployment as well as enhanced mobile device control. IBM is also announcing a comprehensive Mobile Security Framework to help organizations develop an adaptable security posture to protect data on the device, at the access gateway and on the applications.

With the launch of its new access management capabilities, IBM now offers greater context-aware access control for mobile users, improved mobile threat protection, and enhanced mobile device control. With a broad portfolio of solutions for mobile security and management, including solutions for mobile application security and mobile security intelligence, IBM can help protect against security breaches, whether malicious or unintentional through risky employee access of data and applications, anytime, anywhere, from any device.

Furthermore, with the simplicity of these mobile devices making them pervasive and seamlessly integrated into consumers’ everyday lives, new threats are evolving based on popular mobile-based activities such as retail purchases, managing bank accounts and updating social networks. The ubiquitous nature of mobility across both businesses and consumers requires that securing the smartphone encompass the device, the network and the applications on the device so that employees, consumers and even partners know their transactions are being executed across a secure environment.

IBM transforms cloud security from an inhibitor to an enabler

While the cloud can increase productivity with anywhere, anytime information access, it can also introduce additional challenges for enterprise security. To realize the value that cloud computing presents, organizations are looking for integrated security solutions to help address the risks.

IBM today is announcing security portfolio enhancements designed to address these new challenges, providing improved visibility and increased levels of automation and patch management to help demonstrate compliance, prevent unauthorized access and defend against the latest threats using advanced security intelligence.

With IBM’s new SmartCloud for Patch Management solution, patches are managed automatically regardless of location, and remediation cycles are reduced from weeks to hours, thereby reducing security risks. Additionally, IBM is announcing enhancements to its QRadar Security Intelligence Platform that provides a unified architecture for collecting, storing, analyzing and querying log, threat, vulnerability and security-related data from distributed locations, using the cloud to obtain greater insight into enterprise-wide activity and enable better-informed business decisions.

The new IBM Security Privileged Identity Manager is designed to proactively address the growing insider threat concerns and help demonstrate compliance across the organization. IBM Security Access Manager for Cloud and Mobile, which provides enhanced federated single sign-on to cloud applications, is now available with improved out-of-the-box integration with commonly adopted SaaS applications and services.