Several new technology trends emerged as major factors in 2011. In all likelihood they will continue to reshape the landscape in 2012. Each brings its own distinct security requirements. But the key challenge this year will be ensuring security for the wave of personal mobile devices that are storming the workplace.

Big data, the growth of business analytics, and the evolution of cloud computing are the other key stories of the year. The desire for Big Data to be mined by analytics will pose complex, entangled questions of privacy and security. Meanwhile, "the cloud" has turned out to be multiple clouds: public, private, and hybrid. All will need to be secured.

Meanwhile, however, the mobility wave of bring-your-own-devices (BYOD) into the enterprise and IT workplace has only begun to build. It is sure to accelerate massively this year, for reasons good and not so good.

Mobile devices are a real boon for workers in the field. For a salesperson making calls or an engineer performing inspections, an iPad is much easier to hold and work with than a cumbersome laptop. But much of the pressure to permit personal devices on the job – and especially iPads – is coming from employees, particularly top executives. The iPad has become a signature luxury brand, and everyone who is anyone wants to own one. And show that they own one by using it at work.

From a security perspective it doesn't matter whether BYOD is on the rise for good reasons, bad ones, or both. In any case we need to protect the security and integrity of all company data that passes through a wide variety of personal mobile devices. And we have to do so in a way that also protects the security and privacy of personal data on those same devices.

This will not be an easy job. But it is now an unavoidable security requirement.

The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: "Security is not a product, but a process."