Keeping Customer Data Safe in an Evolving Threat Landscape

data_enews In the digital age, increasing amounts of data are being shared in new and often unanticipated ways. With the proliferation of data, devices and connections comes a set of new security threats. Midsize companies, in particular, are feeling the heat.

While their security budgets are often at risk for cuts, recovering from the impact of a breach can be a more arduous process involving lost revenue, decreased productivity and potential reputation damage. Where large enterprises have the luxury of relying on well equipped IT departments – not to mention teams squarely focused on security – midsize companies often must address these same concerns with far fewer resources at their disposal.

Although securing critical company information remains a crucial component of any business strategy, safeguarding this data is more difficult than ever. Security intelligence – the ability to predict, identify and react to potential threats – is taking on new importance. In a nutshell, security intelligence entails:

Evaluating potential risk to the brand;
Understanding the financial implications of adverse events; and
Assessing the impact of IT systems disruptions on ongoing operations.

The security management challenge

Security is quickly becoming a key business issue. According to a study entitled "Inside the Midmarket: A 2011 Perspective,” security management is the top IT priority for midsize businesses around the globe. And, in a 2011 CIO Study, 60 percent of IT leaders from midsize firms reported plans to focus more on risk management and compliance as a means of increasing their company’s competitiveness over the next three to five years.

Midsize organizations are frequently at the forefront of innovation – research shows them adopting social media and cloud services faster than large enterprises. They’re also exploring flexible mobility models, such as Bring Your Own Device (BYOD). As a result, midsize companies face a unique set of security challenges.

One of the most pressing challenges is identity and access management: ensuring the right people get the right access to the right data (and that everyone is who they say they are). It’s especially of concern among companies trying to manage a growing array of IT assets located outside of company controlled networks. A slew of factors add complexity to traditional identity and access management platforms. The situation becomes even more complicated for midsize firms, which tend to have a broader reliance upon external partnerships for growing their businesses.

Real-world success

For VantisLife Insurance Company, having the confidence of customers is critical in order to compete and grow. This midsize company has more than $4.2 billion of life insurance, nearly $600 million of annuities in force – and 90 percent of all their business is submitted electronically.

VantisLife conducted a thorough security assessment to ensure customers’ confidence in the security of their data. The assessment identified exposures in their systems, specifically in terms of agent authentication and how they accessed data within the company's systems. These issues needed to be addressed, but developing an in-house solution would require a major investment in infrastructure. Staffing with the necessary skills would place unwanted – and possibly unsustainable – pressure on precious resources.
Instead, VantisLife chose a cloud-based identity and access management solution that added significant layers of protection while maintaining ease-of-use for customers. VantisLife now has the ability to aggressively pursue their plans for growth on a national scale, unlike competitors trying to build out legacy systems.

Choosing the right path

Cloud-based identity and access management systems ensure that customer data is kept safe. These systems can drive business efficiency, security and compliance for midsize companies looking to integrate diverse external resources.

So where to start? If you’re a midsize company looking to evaluate your security needs, begin by looking at three key areas: people and identity, data and applications, and infrastructure.

Properly managing risk is imperative to building a dynamic and resilient infrastructure. Companies have a responsibility to protect critical business assets; however, midsize companies in particular have to balance between meeting these security demands and managing the associated costs.

Regardless of what’s most essential to your business, there are a variety of solutions available, which span security, compliance, and resiliency, and are often available for on-site or cloud-hosted deployments, to help protect assets. Companies that aren’t tackling this challenge head-on could face greater consequences in the future. If you’re not already thinking about these issues, it’s time to get started – or risk being left behind.

Eric Maass is Chief Technology Officer for Lighthouse Security Group, a leader in cloud-based identity and access management (IAM) services. Formerly chief security architect with Lockheed Martin, and with more than 10 years of professional experience in large-scale multi-tenant IAM, Maass is responsible for the companyâs product roadmap, go-to-market strategy and technology vision.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.