The need to stay connected and informed is propelling the growth of new technologies, such as mobility, social media, collaboration, cloud services, and communication. We have entered the age of pervasive technology. This inescapable trend is a perfect storm that provides both tremendous opportunities and significant risks to organizations that embrace the “always on” culture for their customers, trading partners, and employees. Technology services are consumed whenever and wherever needed, and the associated data can be stored anywhere. We are at a point in IT where cloud, mobility, and social media are either being adopted or already in use within organizations across industry verticals. Security remains a key roadblock. This applies to infrastructure, end-point devices and applications as security has to be ensured at each point.
Organizations have to work out how to control access to their cloud and how to maintain its privacy over the long term. Here too, security will have to keep up with the pace of innovation. Standards will change, new operating systems will be released, and new devices will be introduced over time. For IT to continue supporting such new devices and systems, organizations have to ensure that their cloud architecture is flexible enough to continue supporting new changes, and to put in place a security plan tailored for the confluence of mobility, social media and cloud.
Security not a one-size-fits-all matter
Information security cannot be prescribed in a single checklist that suits all organizations. Information security is about adopting the right measures and controls for a given entity at a given point in time. Threats change and vulnerabilities are introduced or removed, demanding that security evolves simply to keep pace.
Businesses have more information to protect at more points against more threats than ever before. In such an environment, businesses can build an effective defense only after they first understand the peculiarities of today’s threat landscape and then identify their own specific areas of vulnerability. Armed with this information, enterprises can then develop an information security blueprint that is right for them – one that is comprehensive, proactive, enforceable, and manageable.
To mitigate the risks associated with these technologies, organizations should consider moving away from traditional models of security to multi-layered security and compliance strategies that include a combination of trust, policy and technology.
Taking an information-centric approach
One way organizations can navigate these vulnerabilities is to assess, transform, manage and optimize an end-to-end security environment using an information centric approach.
Where should you start? What initial steps can an IT leader take to adopt an information-centric approach?
- Understanding the increased level of risk exposure resulting from the adoption of cloud, mobility and social media
- Ensuring the applications handling sensitive data are secure in a potentially hostile environment
- Establishing mechanisms to detect and alert any potential security breaches, data loss and/or exposure of intellectual property or personally identifiable information
- Reviewing and establishing service contracts and SLAs with service providers to address the lack of direct control an enterprise has over certain infrastructure security operations, and also clearly documenting roles and responsibilities