The Tech Herald

2012 Predictions: Compliance and Access Management

by Steve Ragan - Dec 8 2011, 18:00

2012 Predictions: Compliance and Access Management

Continuing our series on threat predictions for 2012, The Tech Herald presents a list of things to consider over the next year, from two different sources, focusing on access management and compliance.

Subhash Tantry - CEO of FoxT

In 2012 enterprises will continue to use multiple solutions for access management until the management burden on IT becomes unbearable. This will force adoption of centralized, automated platforms that can cover granular access control policy management and enforcement across diverse IT infrastructures.

In 2012 policy management for access controls will become a greater problem as organizations will continue to be held financially accountable for failed audits across increasingly complex IT infrastructures. In order to meet compliance requirements, new technologies will be required to centrally manage and enforce access and use of enterprise resources across mobile devices, physical and virtual services, and newly adopted cloud solutions.

In the coming year, insider threats exploiting Windows server and desktop access will increase as organizations struggle to control local accounts.

The increasing complexity of regulatory policies and IT infrastructures will drive IT managers to explore the use of attribute or roll-based access management techniques for enforcing and managing user access to enterprise data.

Many organizations this year deployed cloud solutions for anytime-anywhere accessibility. Unfortunately for many, the purchasing decision was rushed and without a more complete evaluation of how access policy and compliance enforcement would function in the cloud. We believe organizations in 2012 will deploy more granular access management technologies to prevent unmanaged employee access in the cloud.

Michael Hamelin - Chief Security Architect for Tufin Technologies

2012 will be the year of continuous compliance - in other words, organizations will see the value in implementing the ability to track changes to their compliance posture in real or close to real time, as opposed to referring back to a single point in time based on their last audit (e.g., prove they maintain their compliance posture in between quarterly PCI audits.)

As a result, investing in automating the audit process will be top of project lists for 2012, which will result in many organizations adopting more mature and effective processes for managing compliance.

Organizations who are not bound to the need for direct regulatory compliance standard will still adopt standards like PCI DSS as a methodology to create a robust network security framework.

Next Generation firewalls will continue their strong adoption by mid-to-large-sized organizations. The need to craft and manage more complex rules, combined with the need to demonstrate continuous compliance, will accelerate the demand for automation.

Once organizations start implementing their own controls to demonstrate compliance, dependence on third party auditors will decrease.

Around the Web

Comment on this Story

comments powered by Disqus


Mercedes-Benz S63 AMG 4MATIC Coupe Pictures and Specs

Check out these awesome pictures of the new Mercedes-Benz S63 AMG 4MATIC Coupe, which was re...

2014 New York Auto Show Pictures – Day One

Here are a selection of the main cars unveiled on the first day of the 2014 New York Auto Sh...

2014 Rolls-Royce Ghost Series 2 Pictures

Rolls-Royce have released a string of pictures of the Rolls-Royce Series II, unveiled at the 2014 ...

Gymkhana star Ken Block and Neymar’s Footkhana Video Teaser

Rally legend Ken Block, star of the famous Gymkhana video series, is releasing a new video to celb...

Aston Martin V8 Vantage GT Pictures

Here are some great pictures of the new V8 Vantage GT. The model, unveiled at the 2014 New York In...