Information Protection: Empowering Business Innovation

In 2011, businesses experienced an upsurge in high profile attacks by hacker activist groups (a.k.a. “hacktivists”) — such as Anonymous and LulzSec — and increasing monetization of attacks by organized crime and other cyber crooks.  These attacks affected a variety of organizations across industry verticals. In addition to these information security threats, proliferation of industry regulations and breach notification laws are also contributing to the increase in demand for information security solutions and services. Security and information protection has definitely matured and found its place at the cool kids table today! The current information security market is estimated at $35 billion and expected to grow to $125 billion by 2015.

At the same time, technology is finally living up to its promise of making businesses more agile. Industry after industry — retail, hospitality, healthcare, utilities, transportation, and others — can now change their product offerings, go-to-market strategies, and internal business operations, thanks to emerging IT building blocks. Innovation is top on the CEO’s agenda, and across industry verticals we are seeing business innovation extending beyond the organization. Collaboration, live interaction with customers, acceptance of partners, and incorporation of external talent are all ways the organization is stretching outward.

Technology is both empowering business innovation and dealing with the advanced threats this innovation presents. Without security, innovation brings risk to the business. How can information security help enable innovation?


The changing paradigm of security

There was a time when security teams were asked to determine the Return on Investment (ROI) for security spending. Today, security is also about ROR (Reduction of Risk). Organizations face a great variety of risks to the security and confidentiality of data and information.

Applications and their supporting infrastructure create efficiency and drive innovation, but can also create conflicts between data sharing, data security and confidentiality. Each organization must determine the appropriate level of security and confidentiality for the varying categories of information, including which access to each category of information is appropriate for the user’s job function.

Before analyzing security controls, take a step back to understand what data is actually needed to support the business, how that data must be shared, and where that data is stored. Look at operations and the flow of data into, throughout, and outside of the organization. Examine the risks associated with the current business model.

By gaining a better understanding of the exposures across the flow of organizational data, you can more easily prioritize security measures.

How is your business handling the complexities of information sharing and security in an increasing collaborative environment?
Bindu Sundaresan Strategic Security Solutions Lead AT&T About Bindu