1st September 2012
Developing security intelligence – the ability to predict, identify, and react to potential threats – is taking on new importance
Security has become today’s most important imperative. Staying informed has never been this important unlike ever before. Most organizations today are struggling to keep up with the ever growing market that has now advanced into mobile, cloud and embedded devices that are making the world more instrument oriented, and at the same time, producing huge amounts of data. This evolution of technology is becoming more prone to security attacks.
Threat to Data
Of late, more and more organizations are taking into IT as a foundation for their businesses. Since, businesses require data to be shared, they also need collaboration tools that controls and protects intellectual property ensuring privacy of information that does not slow down business processes or pose as a threat to the data that the businesses withhold.
Medium-sized and small businesses are responsible for nearly 65% of the global GDP – representing more than 90% of all businesses, employing over 90% of the world’s workforce. While security budgets are often at risk for cuts, recovering from the damage a security breach can cause could cost a midsize much more in lost revenue and productivity. No matter how big or small a business may be, a security glitch is not an option. This is especially the case for midsize companies that operate with tight budgets and limited IT staff.
Securing the Data
It has become more important, yet more difficult, to secure and protect critical information and related assets. Whether it’s evaluating the potential risk to the brand, understanding the financial implications of adverse events or assessing the impact of IT systems disruptions on ongoing operations, developing security intelligence – the ability to predict, identify and react to potential threats – is taking on new importance.
However, where large enterprises can rely on large IT departments with dedicated teams focused solely on addressing security concerns, midsize companies often must address the same concerns with far fewer resources.
According to Inside the Midmarket: A 2011 Perspective, security management is the top IT priority for midsize businesses around the globe. And, in the 2011 CIO Study, 60% of IT leaders from midsize firms reports plans to focus more on risk management and compliance as a means of increasing their company’s competitiveness over the next three to five years.
Midsize organizations are adopting social media and cloud services at a faster rate than large enterprises. They also are exploring flexible mobility models, such as Bring Your Own Device. As a result, midsize companies are facing a unique blend of security challenges.
One of those challenges is identity and access management. This is especially a concern for midsize companies trying to make sense of the growing array of IT assets located outside their company controlled network.
1. Evolution of technology is also making organizations more prone to security attacks
2. No matter how big or small a business may be, a security glitch is not an option
3. Recovering from the damage a security breach can cause could cost a midsize much more in lost revenue and productivity
Cloud based solutions, social networks and mobile devices are difficult to manage with traditional identity and access management platforms. It becomes even more complicated for midsize firms, which tend to have a broader reliance upon external partnerships for growing their businesses.
A cloud based identity access management system can drive efficiency, security and compliance for midsize companies looking to integrate diverse external resources. Midsize companies looking to evaluate their security needs can start with three areas: people and identity, data and applications, and infrastructure.
Harm could come in many forms, but some of the most upsetting scenarios for attacks on the Internet of Things include electrical power and communications blackouts, disruption of air traffic and roadway traffic lights, interruption of oil and gas exploration and contamination of water. So far, these concerns are mostly theoretical, but the spread of Stuxnet, the computer worm that targets control systems at nuclear power plants, shows just how dangerous such attacks can be. The worm knocked out about 1,000 centrifuges at Iran’s Natanz uranium enrichment plant last year–and atomic energy experts warn that it has the capability of creating Chernobyl-like disasters.
Working out the Solutions
A lot of work has been done over the past two decades to defend computer servers and networks from malicious attacks, but the emergence of the Internet of Things is forcing cybersecurity experts to rethink how such assets are protected. In the past, one of the key strategies for protection control systems was to isolate them from other networks. But now that control systems are being connected to the Internet, that approach won’t work well anymore. What’s needed is a multi-tier security system–combining protection for individual servers and applications with more powerful access controls and network monitoring.
The Internet of Things creates exciting new possibilities, but it can only deliver on its promises if it’s reliable and trustworthy. Now is the time to start addressing these concerns. More often than not, companies are focusing on very narrow, siloed ways of securing their organization–for example, simply focusing on firewalls, database or application security. The issue with this approach is that there is no way of coordinating and communicating between the silos. Security Intelligence provides a picture across an entire organization. Security Intelligence brings information in from the perimeter, the database, applications and identity of employees, vendors and partners accessing this information, providing a thorough understanding of what is going on across an organization.
Regardless of which area you identify as the most vital to your business, there are many solutions spanning security, compliance, and resiliency – and often available for on-site or cloud/hosted deployments – that can help your business protect its vital assets from one year to the next.
The author is country manager for security, software group, IBM India/South Asia