The Next Big Thing
Posts about next generation technologies and their effect on business.

The shifting view of security required today

Last month while in Canada, I was part of a discussion about what’s abundant and scarce in the finance space. We touched on security. I think we can all admit that there is nearly an infinite supply of hackers willing to work for free and at the same time a business’s resources in the security space are constrained. It is not hard to imagine a large organization being the focus of 10,000 or more cyber-attacks in a single day. Are our systems really up for this level of defense?

 

We can also admit that the security fortress approach (where you create a secure perimeter) to protect the corporate systems and data is insufficient and outdated. This notion of security seems quaint in a cloud-enabled world where the business draws upon an ecosystem of partners and sites across the globe. Even the systems that we’re implementing are no longer hierarchical in nature; they are an aggregation of services and functionality, providing significant business value but presenting opportunities to rethink what we mean by governance, compliance and access. The concept of having zero risk appears naïve.

 

We live in a world of conflict. We want our systems to be secure and yet collaborative, innovative and low risk. This kind of paradox points to the need for an innovative approach.

 

We are going to have to abandon our current fragmented defense mentality and rethink our cyber-attack response. This guerrilla war will be defined by a business-driven, risk-management approach where security needs to be baked in at every level and not bolted on as an afterthought.

 

There was also a discussion related to a mobile approach to control. Some of the folks were talking about using Bluetooth LE to open locks and control a facility (since a wide variety of mobile devices support it). I pointed them to an analysis that shows how Bluetooth LE provides low energy consumption but also low security. It may be OK as long as you add additional security capabilities throughout the rest of the system and don’t depend on the Bluetooth specification, since LE doesn’t really use the defined security functionality in its attempt to lower power consumption.

 

There are a few ‘simple’ things organizations can do to start shifting their perspective:

- Prioritize information assets based on business risks. I’ve mentioned before my view about BYOD – for the corporation, it is not about devices, but access to corporate information and policy. Organizations need to develop a data portfolio that defines the information assets they need to protect and have clear policies on their use – this may extend into a context portfolio perspective. This will require business and IT to work together to assess risks across the entire value chain and set appropriate policies for the underlying information assets.

- Define policies for security integration. In the more flexible, cloud-based approach being deployed today, services that are created or subscribed to can morph from what they were originally intended for and be used in other ways – plan for this. Everyone in IT (and probably the business as well) needs to have a foundational understanding of how to incorporate security awareness into their work, during the entire lifecycle of processes and projects. Security and privacy are everyone’s job.

 

Security can be a differentiator for an organization – both in a good and a bad way. Organizations need to actively take control instead of passively waiting to see what happens.

 

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.