This past year was one of the busiest for enterprise security. We saw growing complexity with the evolution of key technologies like cloud, big data and mobile. We saw increased concern about the impact of sophisticated malware on operations and business continuity across the enterprise. And the continued growth of both persistent and emerging attacks made it all the more critical for businesses across all industries to bolster their security efforts.

With 2013 only a few weeks away, we canvassed our clients from around the world, as well as IBM's security team, as to what we can expect in 2013 and beyond.  Here are some of the insights we're seeing:

1. In early 2014, cloud security will go from "mystery and hype" to "secure and move-on"
Data, identity and monitoring technologies will continue to emerge to meet requirements of cloud computing, enabling organizations to leverage cloud with the same confidence they do their data center.

2. By end of year 2014, mobile devices will be more secure than laptops are today
Comprehensive mobile security technology now exists to protect almost every part of the mobile experience – from the device, to the network, to the application. On mobile devices, more than on laptops, new attention will be paid to actually securing data in applications.

3. Compliance will remain a surprisingly robust security driver through 2015, driven by country-level cyber efforts maturing
New and evolving breaches have set new regulations in motion, presenting new challenges and requiring solutions to adapt and help ensure private information stays private.

4. The type of data collected and inspected to detect advanced threats will balloon in variety and volume by 2016
As the security perimeter evolves, so will the attacks – requiring wider analysis of more and more unorthodox data.  Advanced organizations are moving beyond security data to find the needle in the haystack.

In addition to these broader predictions, here are some other observations that we’re bound to see, which move us beyond the headlines to what security execs are preparing for over the next few years:

  • Our 2012 CISO study showed that most CISOs report to the CIO. This will change. Security groups will become more independent, with CISOs breaking away from reporting only to CIOs, instead getting more direct lines to the audit committee and risk officer.
  • Data scientists will be in high demand for security. Data scientists will be dedicated to analyzing and correlating security data as well as unstructured business data to find the breach needle in the corporate haystack.
  • Threat data sharing boundaries between government and the private sector, and among private sector companies themselves, will be reduced. Organizations are realizing they need to share information to stay ahead of security risks and threats.
  • Firms will begin monitoring the info shared on social dark channels. Organizations believe that social data/hacker channels can be mined for data/clues that indicate which companies are being targeted. The information can be monitored either internally or via a service.
  • Unlike the last compliance wave, the current one will be weighed against the rise of a risk-based approach to security. Security dollars must be spent to enhance security and not only to check a compliance box.
