Let Us Predict

The holiday season is now officially out of its cage and you know what that means . . . Yup, it's time for that annual right of analysts, pundits, journalists and wags everywhere to vent their predictions for the coming year.

But rather than wait and wrap all predictions up in a nice holiday bundle, I think I'll meter out our guesswork in the time-honored tradition of seasonal marketing campaigns that dictate the emergence of flocked trees and jingle bells shortly after the back-to-school sales end. If you're like me, you just love walking into your neighborhood big-box superstore on a hot, late September day, and getting serenaded by an animated reindeer.

But the better part of taste and a disturbing lack of material have forced me to wait until Thanksgiving leftovers are finally starting to look like leftovers to begin unleashing our predictions for IT compliance management in 2006.

Why the lack of material, you ask. Well, for the most part, the issues around compliance management remain largely the same. Companies are getting off the stick and doing more to automate their compliance processes and there's a lot more products and services available to help them accomplish that, but the basic needs have changed little from year to year.What has started to change is the prioritization of certain aspects of compliance management. And one of those priorities is a renewed focus on internal threat management as opposed to circling the wagons at the perimeter hoping for a good night's sleep. And that leads us to Prediction No. One: The shift to internal threat threat monitoring.

In our most recent poll we asked whether external or internal security breaches were potentially the most damaging to an organization. Only 19 percent of respondents indicated external threats were the most damaging. Another 29 percent said external and internal threats were harmful in equal measure. And 52 percent of the respondents felt internal breaches were potentially the most damaging.

This foretells a big shift in the way we secure corporate data and monitor employee behavior. In fact, monitoring employee behavior to prevent non-compliance could become one of key factors in managing risk in 2006.

The reason internal threats are so problematic is that they are near impossible to detect unless you have policies and detection systems in place. The other problem is that a high percentage of internal infractions are essentially accidents rather than malicious attacks. Sloppy e-mail and messaging habits, and non-existent data protection inside the firewall can lead to inadvertent information leakage that causes just as much harm as a full-blown external security incident.

Several vendors have started focusing on internal threat management and several more have added internal monitoring to existing security and compliance monitoring systems that previously focused on inbound and outbound infractions.

We recently saw LogLogic and Counterpane Internet Security have teamed up to deliver managed compliance services that include real-time forensics capabilities to respond to security incidents, compliance inquiries and internal threats.

For organizations that maintain business critical information on mainframe computers, we saw e-Security roll out its Sentinel Mainframe Connect add-on module for its Sentinel 5 enterprise compliance monitoring system. Sentinel Mainframe Connect monitors compliance events directly from mainframe computers and, used with Sentinel 5, correlates the information with other IT security and compliance events across the organization.

We also see systems that monitor user behavior for data usage violations like Consul Risk Management Inc.'s InSight Suite 6.0 which monitors, report on and investigate malicious and accidental violations.

Similarly, database tools vendor Embarcadero Technologies leveraged its acquisition of SHC Ambeo Acquisition Corp. with Ambeo's Activity Tracker, a database-auditing mechanism that monitors all user activity in real time, and Usage Tracker, which provides historical statistics on how data is being accessed and used.

In addition we are seeing a shift in the way e-mail and instant messages are managed for compliance to include archiving of internal messages that never leave the confines of the enterprise.

In all, this points to a very necessary next step in compliance management, and one that will get much more attention in 2006. Once you are able to keep the foxes out of the henhouse, and keep the hens from flying the coop, what do you do when the hens start working for the foxes?