Feeds

Rethinking security

Just what are you trying to secure?

  • alert
  • submit to reddit

Using blade systems to cut costs and sharpen efficiencies

Workshop Ask any IT manager, business leader or regulator and they will tell you that IT security is important - that much goes without saying.

As the chart below shows, for many professionals the role of security in IT is now seen to be a fundamental part of delivering day to day IT service to users, wherever they are, whenever they need service and using whatever device is best suited to the task.

It is no longer a separate entity that only succeeds in adding complexity to an already difficult occupation. But as IT and networking technologies become more complex and as business demands for service flexibility grow is it time for IT professionals to rethink security?

A major challenge for everyone is keeping up with just how quickly the “security” landscape is changing. We know that the traditional drivers for raising the security bar, namely external regulation, concerns over “privacy” and the protection of corporate data along with increasing amounts of legislation still constitute a considerable challenge for many organisations. While these are matters of concern it has to be recognised that they amount to “known”, definable challenges.

These are now being supplemented by a raft of new security worries as user behaviour alters, especially around the use of mobile devices and equipment acquired outside of the standard procedures. There is also the social side of the behaviour equation.

We know from prior research that the ‘official’ use of social media is slowly taking off inside business processes. But Reg readers also tell us that the ‘unofficial’ use of social media tools is a bigger part of daily business life. With people becoming ever more cavalier about sharing information, especially younger workers who have grown up putting their life’s story on the Web, just how is the “security landscape” changing in your business?

Are there any new service areas, such as Unified Communications, instant messaging, screen sharing, Webinar services or other social media sites which you think will have a major impact on how you should treat security? Equally, do you think that they will lead to modifications in your security policies, and if so, when?

In most organisations security is still about securing computers, be they servers, desktops or laptops. But we know that the emphasis should really be on the services that users access rather than the details of the machine they sit at. So if security emphasis is still centred on computers, what about all the other stuff: services, data, information, interactions and virtual relationships?

This naturally raises the question of how to integrate security across systems where you do not have direct control. These include the use of external service providers, social cloud-based systems and collaboration solutions and even the personal devices employees use every day in their business processes. Do you still have a good idea of just what you are trying to secure?

As new threats and behaviours emerge, needing different solutions to secure systems without putting security barriers in the way of operations, it's likely that identity management and access control systems and protection, encryption and key management tools will grow in importance. The challenge is to make them effective without generating end-user resistance and avoidance. Perhaps the real issue is a need to raise the awareness of corporate security responsibility that every member of staff has. But how realistic is this when it is difficult enough to get them to remember their password without resorting to writing it down on a post-it note?

It is clearly hard to keep so many factors in focus, especially when the business demands more from IT every day without adding in the additional skilled manpower resources to lighten the load. We would like to know if you have found workable policies, procedures and tools that let you secure the ever-expanding range of information, interactions, processes and the social networking environments commonly accessed every day. Have you been asked to change the behaviours of your users? If you have succeeded please let us know how. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.