Data security will be a big focus for organisations in 2014 as the Australian Privacy Principles and enhanced powers of the Privacy Commissioner take effect on March 12. Revelations this year of spying by the US government's National Security Agency (NSA) have also heightened awareness of security and privacy issues.
“We are going to see this increased focus on privacy. That’s because it has been brewing for a few years,” says Gartner research director Rob McMillan.
Pointing to examples published on the oaic.gov.au website of organisations that have failed to meet security requirements, McMillan warns that it looks like the Privacy Commissioner won’t be tolerating even the smallest of mistakes next year.
“If you read some of those case studies you’ll see how easy it is to fall foul of the [Privacy] Act. I was reading one case study the other day where one organisation… missed one vulnerability in their scanning, and as a result there was a privacy breach and they were found to potentially be in breach of the Act,” he says.
“With the Act changing next year, these sorts of misses or near enough won’t be good enough; they become more important than what they are now.”
Telsyte analyst Rodney Gedda says if there is one thing we can learn from the NSA revelations it is that organisations need to be on high alert, as clients or customers become more protective of their personal data.
“Where people would have trusted in their favourite cloud service, well, maybe they won’t [any more]. Maybe they will take a deeper look at what security levels the cloud service offers, what alternatives there are, how they can keep their data private even in the cloud, etc. So I think that’s the overarching trend for 2014.”
Gedda adds that organisations will also start to look at their security strategies in a more holistic way. “We will see more security strategies developing an end-to-end view, so not just ‘OK, I have got my cloud data here – I need to secure it. I have got my on-premise data here – I need to secure it. We’ve got mobile devices that can access either – I need to secure it’.”
Security-as-a-service will become a trend in 2014, McMillan says, driven by more corporate users accessing cloud-based services from their mobile devices.
“They might not be going through the security controls that are traditionally housed within the infrastructure in the home organisation; they will be going from the personally owned mobile device to a cloud service. That means the organisation, if they need to implement some level of security control, they will probably need a cloud-based security layer for those mobile devices to go through in order to implement their security policy.”