According to reports the most serious forthcoming threats to IT security will be revealed during the Gartner Security Summit in Washington this coming week, and it looms like the consumerization of IT will be right there front of stage. Something that Gartner research fellow, John Pascatore, describes as the Gen X - Gen Y problem. In other words, the users who have grown up with a social networking model as the norm being expected to follow an old school approach to IT security which dictates what resources you can use and when and where you can use them. But with the social networking model spilling over into the enterprise, it is almost inevitable that a new generation of threats will emerge that demands a new generation of security thinking.
As Pescatore puts it “the old IT model that tells you what you can do and use is breaking.”
So what is being done to fix the problem, what are the threats that will emerge and how can you protect against them? Unsurprisingly Gartner is not revealing too much of the new security threat landscape ahead of that security summit next week, however Pescatore has given Dark Reading some clues. "Among the main threats on Gartner’s list: attacks on SaaS providers, social network subversion, and desktop utility application attacks" the security site reports.
SaaS seems to be the main focus from what I can read between the lines, with Gartner expecting attackers to "streamline their attacks on organizations" with Saas being a good example of shared application types that could be exploited in this way. “The attacker could go after Proctor & Gamble -- or salesforce.com, which P&G uses, as well as hundreds of others” Pascatore says.
Gartner is also likely to look at social network subversion, leveraging the trust angle of social networks to launch attacks while posing as a friend. Attackers have always exploited trust, so there is no real reason to assume they will exploit trust based networking mechanisms to the full after all.