In the past few years, security technology product providers have awakened, and stopped their age-old habits of stuffing more and more features into their product set without the clarity of perception or value it would bring to the businesses they are serving. They have moved to annuity models that include signatures and preemptive patching for intrusion prevention and detection systems, virus definition updates, and product upgrades. In essence they are getting into the business of providing meaningful content, rather than rich features.
I remember a commercial that Chrysler used to air on television in the US in the late 80’s and early 90’s. Their brand ambassador and chief spokesperson was also their legendary CEO, Lee Iacocca. His tag line, with the introduction of the Jeep Grand Cherokee – perhaps the Grand Daddy of the ubiquitous Sports Utility Vehicle (SUV), and in the wake of the overwhelming Japanese automobile competition was, “Lead, follow or get out of the way!”
This phrase has a significant parallel in today’s dynamically changing world of disruptive technologies. One can either get lost in this chaotic shuffle or make one’s stand as an organization to become a pioneer, trendsetter or trailblazer, or simply adapt to the changing ecosystem. Yes, I am talking about the Security opportunities being created as we transition to a cloud-computing environment. This is a game changer, since it creates significant challenges for Security Management, Privacy, Identity and Data Governance. Moving from legacy systems to web enabled services is one thing. Moving to a cloud-based infrastructure is another ball of wax! The opportunity for both established players as well as start ups in this environment to address specific areas and create long term value is substantial.
The lines are blurring
The complexity of managing Security is being compounded significantly by both the proliferation as well as cross-pollination of Social Networking, Wireless LANs, mobile appliances, streaming video, USB sticks, micro-drives etc that span across both consumer and enterprise landscapes. Most organizations have been traditionally slow to adapt to the security challenges introduced by these rapid technology enablers, that on occasion also prove to be productivity and bandwidth dampeners, based on their use or abuse (read FaceBook, Twitter). Wireless devices submit huge challenges for network security with the introduction of even a single rogue access point anywhere on the network. You may be very savvy in establishing controls and policies when you deploy enterprise applications, but do you have the necessary security oversight when it comes to smart phones that have inundated the market place?
And what about ‘Work from Home’ and the dual role that your laptop may be playing at your workplace and at home? The probability of contamination is extremely high, even if one happens to be a conscientious employee. Remember that your organizational security posture is only as strong as your ‘weakest link’!
Most multinational companies (MNCs) are generating almost half of their revenues outside of their country headquarters. As International commerce continues to explode, enterprises are being forced to comply with International, national, industry and organizational requirements, due to the proliferation of all forms of communication – from instant messaging to video conferencing. These organizations are being subject to multiple jurisdictions and the regulations stemming out of these requirements are driving the need for increased controls, policy enforcement, information management and search capabilities, leading to very strict data retention and audit policies. The ramifications are such that an organization is beholden to exhibit all means of electronic communication upon request.
Someone once famously said, “What perimeter security? There is no perimeter anymore!” This is true now more than ever.
We are beyond the cusp of a global IT revolution wherein, organizations will have to proactively come up with multi-pronged approaches to resolve not just the current set of security challenges, but also find, recognize, and secure the future.
It is crystal clear that Security is not just an IT problem anymore – it is a business risk that results in tangible losses of revenue, reputation or worse yet, both!
I would be covering the missing piece of Governance, Risks, and Compliance in my next blog.
Do share your thoughts, suggestions, and experiences.