Securing the extended enterprise

Ashish Thapar, Verizon Enterprise Solutions

What are the challenges faced by businesses today? Firstly, businesses today are global – the biggest opportunities are found in global markets. Organizations therefore need to be able to move in and out of markets quickly to maximize the potential of these opportunities; they need to deliver high quality services and solutions, yet at the same time minimize expenditure; they need to ensure the effective delivery of applications on a global basis; and they need to ensure compliance with local regulations at all times, or risk considerable financial penalties.

Business today therefore cannot be confined. Business now takes place on desktops, within devices (or machines), along networks and around the world. Data and information must span systems, countries, languages, and borders. Work is an activity, not a location. Supply chains need to be connected and optimized across the globe to meet customer and market demands.

By embracing the extended enterprise, organizations hope to harness the potential of global timezones and new service models to improve customer service and relationships, increase business resilience and enhance overall productivity.

However, the more information that enterprises have to distribute and manage, and the more places in which that information is housed, the greater the risk of that information being accessed by unauthorized parties. Data is no longer a contained entity – it flows in and out of the enterprise, and competitive advantage is directed by how well organizations are able to manage the speed of that flow while utilizing the business oriented knowledge harnessed from that data. Yet by opening up the enterprise to maximize its global business potential, organizations also increase their operational risks. And most importantly, this risk will no longer originate from “outside” the enterprise; real and present threats also emanate from sources within the data flow and along the enterprise supply chain, including business partners, suppliers, and data users.

Managing Risk
Most organizations today will have some form of security in place to protect business-critical information. The traditional way of protecting electronic information has been to implement a variety of point solutions designed to counteract specific individual threats. Yet today’s sources of electronic attack, or threat vectors, are much more varied and subtle. Businesses therefore need to employ equally subtle and varied approaches to the protection of their business-critical resources. Security needs to be an integrated, ongoing process that absolutely mirrors overall business objectives.

At its most basic level, managing information security risk is a balancing act between the cost of a breach to a firm’s IT infrastructure—both directly and indirectly—and the efforts that an organization needs to take in order to properly secure its infrastructure and the most important information assets that this infrastructure contains.

Successful risk management is essentially about mitigating events that may cause business disruptions or data breaches that may jeopardize revenue streams, harm customers or negatively impact the business reputation. Data breaches are becoming more sophisticated, targeted and harder to identify, and are increasingly done with the intention of compromising data for financial gain. Successful risk management therefore involves setting up not only the technologies, but also the practices and systems that will enable an organization to protect its business-critical assets – and in doing so, maintain its corporate brand, reputation and customer trust. These are the elements that go right to the heart of a firm’s value proposition.

Dealing with Data Flow
Businesses, and by extension their IT departments, have to be able to move with agility and speed to maximize the potential of new business opportunities. But they also need to satisfy multiple and evolving compliance regulations – and all in the context of an ever-present need to control costs and maintain quality of service.

Data no longer sits in corporate databases alone; it flows in and out of the enterprise, is stored in remote databases or flat files, and is sent to wireless and mobile devices where it may be stored or sent on again. Data privacy legislation, which is invariably different in each territory, must be respected, and adds another layer of complexity to data access and management, making data classification more important than ever.

Such issues are an everyday part of any global organization’s IT management processes, and they have to be addressed even before the issue of threat management comes around.

Evolving Nature of Threats
Given the reach and scope of the enterprise, it makes sense that the nature of threats is also evolving. Threats may now originate not just from outside the organization, but also from applications, or users, or the IT infrastructure itself. Attackers are changing their tactics from mass-attack of networks to personalized and targeted attacks.

The 2012 Verizon Data Breach Investigation Report analyzed 855 data breaches across 174 million stolen records – the second highest data loss that the team has seen since it began collecting data back in 2004. Surprisingly, 97 percent of the attacks analyzed were avoidable, without the need for organizations to resort to difficult or expensive countermeasures.

Basic security recommendations from our team included eliminating unnecessary data; establishing essential security controls by ensuring that fundamental, common-sense security countermeasures are in place and functioning correctly; placing importance on event logs; and, most importantly, prioritizing the overarching security strategy.

Companies need to adopt a basic security strategy that is both process-centric and specifically tailored to their own business needs. The fundamental risk principle is that no one size fits all; technology and service providers have to deliver security solutions designed to individual customer requirements and delivered as the customer needs, whether it is out-sourced, co-sourced or indeed in-sourced. The solution simply has to align with the business requirements and working practices of the customer.

Balancing the Risk Equation
A fundamentally different approach to security is needed to satisfy the evolving needs of business today. For most organizations, there are four absolutely critical areas of concern:
• Securing the complete extended enterprise, including internal networks, extranets, but also endpoints in the hands of end users
• Meeting the challenges of governance, risk and compliance, including aggregating, monitoring, measuring and reporting on security compliance and control efforts on an ongoing basis
• Protecting data, the flow of data, and the applications handling the data
• Securing the infrastructure in the context of business objectives, to get the most out of the technologies you have

Security solutions cannot be constrained by any delivery mechanism, and effective risk management, and thus optimized information security, must be based on an integrated security approach. In essence, it’s about taking security wider; smarter; and deeper. It’s also about the intelligent resolution of these key organizational issues.

At the heart of this security approach is the concept of securing trust around users – security must encompass the breadth of all those places where an organization’s users can access its data. In the extended enterprise, this requires a wider perspective than that traditionally employed. Security controls must be cost-efficiently executed at all those places where they are most effective. This means looking not only at deployment at base premises, but also across “the cloud” – the extended enterprise’s broader reach.

Secondly, effective security must also be applied on a deeper basis, for example by spanning the entire IT stack, including the network, data, applications and users. This links to the concept of integrated security solutions. It’s not enough to focus protection on a single layer of the stack; all elements must be considered as part of an integrated whole; the consequences of a breach in one part of the stack have to be considered within the context of the extended enterprise’s full reach. It’s not about monitoring a device, or a perimeter, but rather acknowledging the reach of the organization overall.

This links to the third consideration – a smarter approach to security. This essentially means accepting that security decisions should be based on risk, not on threats and vulnerabilities, and on achieving measurable gains for the systems and services that have been implemented. Of course, measuring ‘security performance’ in such an environment can present its own unique challenges, but by adopting this type of working culture, businesses are in a strong position to respond to compliance requirements.

This approach essentially gives companies data in a format they can use in a process-centric manner; organizations get maximum leverage from the knowledge that they generate and have a mechanism by which this knowledge can be leveraged in future projects. The key is to make sure that organizations are able to conduct risk management in the most cost efficient way and from the most effective place.

The Security Ideal
The ideal security solution is one that works around a customer-focused business model. This ideal solution supports information protection, business continuity and compliance through solutions that offer fully integrated threat and vulnerability management, identity and access management, security and compliance measurement.

It should be delivered as an ongoing process, providing visibility and control across all parts of the security life cycle, aiming for continuous improvement to reduce risk. It should be based around a network-centric infrastructure and designed to maximize the potential of available security intelligence. The key is to enable analysis of large amounts of data so that businesses have meaningful information to support decision making.

The end result is then something that adds real value to the business overall: security that truly supports overall business objectives, and enables the organization to maximize the potential of its existing investments and assets, by protecting data, and the flow of data, across the entire extended enterprise.

Delivering Security
Of course, there is one major stumbling block to most organizations achieving this aim – having the knowledge and expertise to enable effective security solution implementation. To fully understand the potential security risks to an organization requires not only in-depth knowledge of organizational security as a whole, but also the ability to ensure a critical and dispassionate view of existing business practices.

This is why managed security services are gaining an increasing foothold in the world’s leading organizations. Rather than having to invest in internal expertise, it is simpler, quicker and more cost effective to buy in expertise from a trusted third party – that expertise can then be integrated as a critical element of the extended enterprise’s infrastructure.

Conclusion
The nature of today’s enterprise environment brings with it unprecedented security challenges that continue to evolve in sophistication and potential impact. In order to effectively address these challenges, organizations must move beyond the constraints of historic approaches to security, effectively shifting mindset from a point protection approach to one that encompasses both the premises and the extended enterprise cloud. Most importantly, the complex nature of security issues requires a depth of knowledge that few IT departments could ever hope to have available in house.

Securing the enterprise, and the flow of data within and without its perimeter, is probably today’s absolutely critical business challenge. How well businesses manage to achieve this goal will determine their future business success.
