With high profile security breaches in the news throughout 2011, security firm Agiliance sees dramatic changes ahead for the security industry in 2012. It’s list of predictions for the coming year in security focus on mobile, cloud computing, legislation, and social media.

These predictions are based on the company’s engagement with Global 2000 companies, government agencies, fellow security vendors, industry analysts and security consultants, as well as market research it conducts on a regular basis.

Topping the list is Agiliance’s prediction that organizations will recognize that risk is security’s new compliance.

A risk-based approach and holistic view of the organization’s IT infrastructure will be driven by further consumerization of IT, challenges related to social media as an instrument in cyber warfare, stricter enforcement and new legislation focused on data protection, threat information sharing, and incident disclosure, as well as the emerging need to assess cloud service providers’ ability to enforce security policies and continuously maintain an adequate compliance posture.

“For many years, complying with government standards and industry regulations has been seen as a check box in the lengthy list of IT security tasks,” said Torsten George, vice president of worldwide marketing at Agiliance.

“In 2012, we will see progressive organizations applying a risk-based, continuous approach to security. By doing so, they will be able to make risk visible, measurable, and actionable.”

Specifically, Agiliance expects dramatic changes in the following areas:

Mobile Devices and Social Media
New products and services will emerge that deal with the necessary delineation of employer-owned versus employee-owned data on mobile devices.

These products will go beyond anti-virus and malware software to deal with embedded strong authentication, secure mobile operating systems scanners, mobile operating system vulnerability scanning, and data segregation / encryption. For social media threats, existing security tools’ capabilities will be extended to cover monitoring of social media networks to tackle the emergency of social media cyber warfare.

Cloud Computing Security
Agiliance predicts an acceleration of efforts to create standards around cloud security, primarily driven by the data consolidation efforts of the U.S. government as well as wide-ranging support of the Cloud Security Alliance. Independent, continuous monitoring of cloud service providers’ security controls will become a standard part of service level agreements.

Legislative Initiatives
Agiliance predicts that, in the second half of 2012, a government mandate will be passed that will lead to a pro-active Information Security Risk Management system and related best practices to tackle cyber security threats.

Similar to stricter enforcement policies of the HiTech Act by the HHS, regulations penalty cases will surge in 2012. Furthermore, privacy audit is becoming a major driver behind security tool investments as organizations are coming up short on audits relating to data breaches, disclosure notifications, data handling, attribution, and incident closure.

Anti-Cyber Crime Collaboration
Sharing of sensitive threat information will become essential to prevent widespread cyber attacks across different verticals and industries. Nowadays, cyber criminals are coordinating their efforts and are well-versed in sharing vulnerabilities and attack methodologies. They even have their own online communities where they exchange information.

This is unmatched by the commercial sector and government agencies. As a result, Agiliance predicts that the increase in cyber security attacks and data breaches will lead to the introduction of a formal information sharing database that will be made accessible to a broader group.

Risk is Security’s New Compliance
With more than 365 security incidents reported this year to date, affecting over 126 million records, cyber security attacks have become a mainstream event in the industry.

Based on these changes, Agiliance predicts further increase in demand for software tools that are able to aggregate data from existing security tools and information management applications to make risk visible, measurable, and actionable.

These tools will not only provide advanced reporting capabilities, but interconnectivity to ensure that remediation actions can be triggered and followed through easily. To better describe the capabilities of these tools, analysts will create a new software category called Security Risk Management.

For the in-depth predictions, data, and accompanying graphics, please see Agiliance’s 2012 IT Security Predictions:http://www.agiliance.com/forms/WhitePaperReg.html?doc=Security_Predictions.