Tackling security challenges presented by business optimisation
Currently, one of the key trends defining the IT space is the transformation of security from an ancillary IT function to a core business priority. Businesses are beginning to attach real value to the safeguarding of their information and are moving to align security and business objectives. However, there are still some barriers to this process that need to be addressed.
At the 5th Annual ITWeb Security Summit, held between 11-13 May 2010 at the Sandton Convention Centre, event sponsor Dimension Data explored some of the common challenges faced when bringing together an organisation’s appetite for business optimisation with security’s need to protect.
The classic conflict between innovation and security
Samresh Ramjith, Chief Technology Officer at Dimension Data Security Solutions, reveals that the most common divisor by far is still the perception that security puts a damper on business innovation. “Many business innovators feel that security is a killjoy. They are reluctant to acknowledge that although it’s great to be out there leading the pack, a secure environment that protects core Intellectual Property (IP) is equally important.”
Readily accessible and affordable technology means that just about any business can optimise operations through enabling more information technology solutions. At the same time, they also open themselves up to a number of common, and valid, security risks:
• More (and meaner) threats: as technology evolves to keep pace with demand, security threats are matching this evolution stride for stride. Threats are growing in sophistication and magnitude with even more devastating effects on enterprise.
• Mobile minefields: mobile business environments are great for productivity. The resulting proliferation of mobile devices such as laptops, notebooks, PDA’s, smart phones and flash drives facilitate an ever-accessible and agile workforce. However, these provide additional entry points for security threats to creep in. They also offer opportunity for sensitive data and IP to leak from secure environments.
• ‘Friendly’ Fire: changes in infrastructure mean internal threats are becoming as much of a concern as perimeter security. Mobile staff, contractors, and unintentional or malicious security breaches are difficult to contain - demanding a new breed of security technology.
Complexity is a double edged sword
Another obstacle is the failure to come to terms with the complexity of the security required in modern day business. The drive to promote easy integration between products and technologies invites the deployment of a combination of hardware, software and operating systems. This heterogeneous environment creates a warren of overlaps and loopholes that is impossible to protect through a single cure-all security solution.
This undermining effect that increased complexity has on security is often disregarded in favour of possible competitive advantage. This has a negative impact on the overall efficacy of security efforts in the long run.
Finally, businesses don’t necessarily always allocate the right funding and resources to security. “Security needs to be prophylactic to be effective. However many businesses fail to scope their security requirements adequately and only identify weakness once a breach occurs – a classic case of shutting the stable door after the horse has bolted,” says Ramjith.
As our technology landscapes become more complicated, the areas that require defence multiply and diversify. This complexity can be intimidating to business owners and as a result, resources are often channelled to other more ‘rewarding’ areas where the impact on their business is more tangible.
This can leave security under-resourced both in funding and functionality. Ironically, when a lapse does occur, there is definite resentment of the seemingly ‘wasted’ security effort.
Integrated strategies and a holistic approach can bring together the best of both
Clearly, by ignoring the impact that business and technology innovations have on security, companies can run the risk of incurring some rather expensive damage control.
The only way to negotiate the fine line between business innovation and security inhibition is through the implementation of a proper strategy designed to ensure security integrity while allowing for business agility.
Taking a more holistic approach to security is often the critical first step in overcoming the pitfalls of short-term tactical actions. “Security needs to be viewed as an entire stand-alone entity that requires a complete strategy, as opposed to an assortment of ‘patches’ that can leave your business vulnerable,” says Ramjith.
Dimension Data Security Solutions are continually working to shift the perception of security towards being an important driver of business improvement. “Good security should not be seen as a grudge purchase. It is not just an insurance policy in place to protect against an unlikely event. Issues such as the promotion of compliance and good governance, effective management of third party relationships, and the consolidation and streamlining of business processes to ease management and improve efficacy are all knock-on effects of a well planned security strategy. All these elements will add value and offer real benefit to any organisation” says Ramjith.
In the long term, partnering with a security service provider who is at the forefront of security technology and systems and who is able to offer business relevant solutions to security challenges will ensure that security is properly scoped and provisioned. Dimension Data Security Solutions offers unparalleled global experience and the know-how needed to address these and other more specific security pain points.