Trends such as bring your own device and bring your own anything are making it much more difficult to rely on network firewalls to protect against security breaches.
"The idea of trying to put a [single] boundary around all that is insane," Taule says. "It's no longer about putting a boundary around the network, but around the data" a company is trying to protect.
Enterprises will rely increasingly on technologies that enable them to identify which individuals should be able to access which types of data and when, Taule says. Identification and authorization is becoming ever more important in an increasingly mobile environment, as organizations need to know they can trust that a user is who he says he is.
Emerging data- and activity-management tools will allow companies to build profiles about users and track typical patterns of activity and usage, Taule says. This will help them spot anomalies that might indicate a potential data breach, much like credit card companies do today, he says. Technology such as desktop virtualization, which gives organizations more centralized control of the security of individual devices, will also help, he says.
"A big reason for using virtualization is the challenge of managing lots of images across lots of workstations," Taule says. FEI Systems has begun deploying desktop virtualization and in the future will take it to new levels, he says.
"From an application standpoint, we're working with a [vendor] to maintain a continuously secure compute platform by constantly tearing down and rebuilding applications, so that any poisoning or backdoors have no persistence, as the environment is restored anew on an ongoing basis," Taule says.
The focus on providing security from a data standpoint will only grow in the coming years as the Internet of Things becomes more of a reality.
"We going to start putting refrigerators and cars on the network, so there will be more to the network than traditional computing platforms," Taule says. "There is a lot of stuff that many may not be aware is already connected to the network," such as IP cameras, embedded systems and measuring devices. "What's worse is that vulnerabilities exist in these devices too, but they are often ignored and efforts to manage risk will only provide a false sense of security as long as unknown entry points persist."
Policy and enforcement: clearer and tougher
As security roles evolve in the future, so too will corporate security policies, experts say.
"I think we will more tightly control access to 'crown jewel' information and more loosely control everything else, [and have policies and] enforcement to match that," Beeson says. To that end, security policies will require that only "absolutely identified" users be granted any access to these critical information assets, and even that will be limited and highly controlled, he says.
Sign up for CIO Asia eNewsletters.