Feeds

Rethinking security

Just what are you trying to secure?

  • alert
  • submit to reddit

Using blade systems to cut costs and sharpen efficiencies

Workshop Ask any IT manager, business leader or regulator and they will tell you that IT security is important - that much goes without saying.

As the chart below shows, for many professionals the role of security in IT is now seen to be a fundamental part of delivering day to day IT service to users, wherever they are, whenever they need service and using whatever device is best suited to the task.

It is no longer a separate entity that only succeeds in adding complexity to an already difficult occupation. But as IT and networking technologies become more complex and as business demands for service flexibility grow is it time for IT professionals to rethink security?

A major challenge for everyone is keeping up with just how quickly the “security” landscape is changing. We know that the traditional drivers for raising the security bar, namely external regulation, concerns over “privacy” and the protection of corporate data along with increasing amounts of legislation still constitute a considerable challenge for many organisations. While these are matters of concern it has to be recognised that they amount to “known”, definable challenges.

These are now being supplemented by a raft of new security worries as user behaviour alters, especially around the use of mobile devices and equipment acquired outside of the standard procedures. There is also the social side of the behaviour equation.

We know from prior research that the ‘official’ use of social media is slowly taking off inside business processes. But Reg readers also tell us that the ‘unofficial’ use of social media tools is a bigger part of daily business life. With people becoming ever more cavalier about sharing information, especially younger workers who have grown up putting their life’s story on the Web, just how is the “security landscape” changing in your business?

Are there any new service areas, such as Unified Communications, instant messaging, screen sharing, Webinar services or other social media sites which you think will have a major impact on how you should treat security? Equally, do you think that they will lead to modifications in your security policies, and if so, when?

In most organisations security is still about securing computers, be they servers, desktops or laptops. But we know that the emphasis should really be on the services that users access rather than the details of the machine they sit at. So if security emphasis is still centred on computers, what about all the other stuff: services, data, information, interactions and virtual relationships?

This naturally raises the question of how to integrate security across systems where you do not have direct control. These include the use of external service providers, social cloud-based systems and collaboration solutions and even the personal devices employees use every day in their business processes. Do you still have a good idea of just what you are trying to secure?

As new threats and behaviours emerge, needing different solutions to secure systems without putting security barriers in the way of operations, it's likely that identity management and access control systems and protection, encryption and key management tools will grow in importance. The challenge is to make them effective without generating end-user resistance and avoidance. Perhaps the real issue is a need to raise the awareness of corporate security responsibility that every member of staff has. But how realistic is this when it is difficult enough to get them to remember their password without resorting to writing it down on a post-it note?

It is clearly hard to keep so many factors in focus, especially when the business demands more from IT every day without adding in the additional skilled manpower resources to lighten the load. We would like to know if you have found workable policies, procedures and tools that let you secure the ever-expanding range of information, interactions, processes and the social networking environments commonly accessed every day. Have you been asked to change the behaviours of your users? If you have succeeded please let us know how. ®

Boost IT visibility and business value

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.