IBM exec warns against budget cuts on IT security

If there is something companies should continue spending on despite the present global economic crisis, it would have to be IT security,according to Marne Gordan, GRC market manager for IBM's Tivoli Software Division.

Slideshow: What tech industry CEOs are saying about the economy

Gordan, whose GRC title means "Governance management, Regulatory analysis and Compliance," said scrimping on IT security to save money could lead to dangerous results.

"There are consequences in cutting costs on IT security. Threats could succeed five times to 10 times more," Gordan said.

Ina recent media roundtable on "Risk Mitigation" held at the Renaissance Hotel in Makati City, IBM executives talked about the impact on security of the global economic crisis, warning that cyber traffic and cyber crimes are on an uptrend.

Gordan reported that the major risks come from emerging technologies, such as cloud computing, IT green initiatives, virtualization, and Software as a Service (SaaS), as well as from the explosion of multiple digital identities and the proliferation of mobile phones and PDAs as access points to the Internet.

Reporting on IBM's newly launched Security Technology Outlook (STO), a study on potential security challenges, Gordan identified nine important trends and technologies that are expected to shape the security environment over the next five years.

"IBM's purpose for the STO is to identify security gaps of emerging technologies and to provide solutions for the problem," she said.

Gordan explained that while most vendors focus on and manage one area of risk,IBM's approach is to strategically manage risk end-to-end across all areas of the organization.
This allows organizations to better understand and prioritize risks and vulnerabilities based on their potential to disrupt critical business processes, she noted.

The IBM Security Framework identifies five key security areas: people and identity; data and information; application and process; network,server and end point; and physical infrastructure.

Gordan also cited the nine main drivers for security requirements in the next five years. These are:
1. A highly dynamic IT environment that can respond efficiently to elastic scalability demands.
2. The ability to use electronic identities for sensitive and mission-critical purposes.
3. End-user demands for more control and self-determination with their online identities.
4. Secure, reliable, flexible and composable applications that can facilitate a rapid response to changing business needs.
5. Accommodation of the organization's desired level of control of the IT environment.
6. A risk-based approach to managing IT security and its contribution to operational and business risk.
7. Mobile devices to be a secure source of identity and a business platform.
8. High-risk decisions based on secure, high-quality information sources.
9. IT systems that can sense and respond to the real-world environment.

The IBM GRC exec likewise presented the trends identified in IBM's STO report, which are: Securing Virtualized Environments; Alternative Ways to Delivery Security; Securing Mobile Devices; Managing Risk and Compliance; Identity Governance; Information Security; Predictable Security of Applications; Protecting the Evolving Network; and the Sense and Respond Physical Security.