The Good, the Bad, and the Secure

This blog post is sponsored by the Enterprise CIO Forum and HP.

A previous post examined the data aspects of enterprise security, which requires addressing both outside-in and inside-out risks.

Most organizations tend to both overemphasize and oversimplify outside-in data security using a perimeter fence model, which, as Doug Newdick commented, “implicitly treats all of your information system assets as equivalent from a security and risk perspective, when that is clearly not true.”  Different security levels are necessary for different assets, and therefore a security zone model makes more sense, where you focus more on securing specific data or applications, and less on securing the perimeter.

“I think that these sorts of models will become more prevalent,” Newdick concluded, “as we face the proliferation of different devices and platforms in the enterprise, and the sort of Bring Your Own Device approaches that many organizations are examining.  If you don’t own or manage your perimeter, securing the data or application itself becomes more important.”

Although there’s also a growing recognition that inside-out data security needs to be improved, “it’s critical that organizations recognize the internal threat can’t be solved solely via policy and process,” commented Richard Jarvis, who recommended an increase in the internal use of two-factor authentication, as well as the physical separation of storage so highly confidential data is more tightly restricted within a dedicated hardware infrastructure.

As Rafal Los recently blogged, the costs of cyber crime continue to rise.  Although the fear of a cloud security breach is the most commonly expressed concern, Judy Redman recently blogged about how cyber crime doesn’t only happen in the cloud.  With the growing prevalence of smart phones, tablet PCs, and other mobile devices, data security in our hyper-connected world requires, as John Dodge recently blogged, that organizations also institute best practices for mobile device security.

Cloud, social, and mobile technologies “make business and our life more enriched,” commented Pearl Zhu, “but on the other hand, this open environment makes the business environment more vulnerable from the security perspective.”  In other words, this open environment, which some have described as a multi-dimensional attack space, is good for business, but bad for security.

Most organizations already spend a fistful of dollars on enterprise security, but they may need to budget for a few dollars more because the digital age is about the good, the bad, and the secure.  In other words, we have to take the good with the bad in the more open business environment enabled by cloud, mobile, and social technologies, which requires a modern data security model that can protect us from the bad without being overprotective to the point of inhibiting the good.
