The biggest security story of 2007 – the massive data breach at retail giant TJX Inc. – continued to have an impact on IT professionals in 2008, with business leaders looking to keep their companies out of the headlines.
If industry surveys and experts are correct, corporate data breaches have been on the upswing for the last several years. The main problem for IT organizations seems to be a lack of best practices around security and the failure by most firms to implement encryption measures.
Many vendors have started to recognize the increased need for encryption solutions. In November, Seagate Technology LLC began shipping self-encryption laptop hard drives to computer manufacturers, while Microsoft Corp. integrated file encryption functionality into Windows Server 2008.
Protecting against internal data breaches has proven to be just as important as securing your company against external hackers. This point was driven home early in the year, after a rogue trader at Paris-based bank Société Générale (SocGen) was blamed for billions of dollars worth of unauthorized trades.
Hot tips from ComputerWorld Canada
A related area of concern for security professionals is
endpoint security breaches, caused by the rise in mobile and USB devices in the enterprise. Indirect
internal data breaches caused by employees accidently sending out sensitive information through e-mail led to
greater interest and adoption of managed file transfer systems.
The Canadian government has also taken notice of IT security, with Parliament recommending amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA). The changes would require companies to notify individuals when their personal information was subject to a security breach, which some have speculated could provide a boost to IT security projects.
But according to some public policy organizations, the government needs to go even farther.
The University of Ottawa’s Canadian Internet Policy and Public Interest Clinic (CIPPIC) is pressing for mandatory public reporting of any potential data leaks and the creation of an electronic registry for corporate data breaches.
And even amidst the ongoing economic recession, it seems that IT security continues to be a top priority for IT and business leaders alike. Organizations that are sustaining or increasing their security spend actually reported fewer data breaches and malware incidents.
Read more about security in
In the identity and access management space, vendors such as Novell Inc., Sun Microsystems Inc. and Oracle Corp. continued to make product announcements, while CA Inc. pretty much based its whole user conference around this area of security management. And after many years of hype, identity management strategies finally appear to be taking hold at some major corporations across Canada.
And even though times appear to be tough for the entire tech industry, aspiring IT workers will likely have an easier time than most landing a job in the IT security space.