Security 500 conference     

 Don’t miss the networking event of the year for security executives!
Register today for the Security 500 Conference.

Logical Security

Security: Opening the Door to Business Agility

Many organizations look at security from yesterday’s paradigm – a “we versus they” mentality that pits business productivity against security. For years, security has been the practice of denial, restriction and limitation, and it’s been an expensive insurance policy where value is measured by what doesn’t happen, rather than by what does.

Moreover, the majority of IT spend is focused on “keeping the lights on,” and not enough is invested in keeping up with and securing the changing IT landscape – like securing an ever-growing number of mobile devices and data in the cloud.  But, what if you could leverage your security investment to both secure for today and tomorrow while contributing to your company’s top line and adding value to the business?  What if you could speed business processes by connecting your users to your partners and customers, uniting users with the right data they need, and enabling your organization to operate smarter, more efficiently and, thus, with more agility?

Consider a perspective that’s entirely different from the traditional view of security –turn the paradigm around to make security the practice of connecting, permitting, uniting and enabling.  Add business value by implementing security while maintaining – and even increasing – productivity. Organizations need a different approach to do this; they need to manage the identities and access of their users. Identity governance, access management and privileged management have emerged as the basis for safely and efficiently managing access to business resources, wherever they reside inside or outside the network, without compromising security.

A robust security strategy that starts protecting the business and contributing to organizational goals. The security afforded through managing the identities of users will help IT to “rightsize” access – ensuring that both administrative and end users have access to only the resources they need to do their jobs.

When security becomes the practice of connecting, permitting, uniting and enabling, the business becomes agile enough to move forward on many different fronts, which, on the surface, sound like they have nothing to do with security.  But, it’s the right security that allows businesses to enable a user to cover for someone who is sick by assigning permissions in less than three minutes; move a department’s access rights –without having to go to IT –  from the mortgage application to the pension application to meet a huge demand coming from a recent marketing campaign; provide a design partner from a gearbox manufacturer with access to the company’s chassis design details, through federation and the partner’s own self-service application; enable single sign-on to the new cloud-based lead nurturing app the CMO purchased without telling IT; give a ship’s captain access to SAP on his iPad so he can update the delayed arrival time into dock, when he’s in the middle of the Atlantic; or give the $3,000-per-day consultant root access to every machine he needs within five minutes of his arrival at work to minimize billable delays. 

All of these are possible – IT can secure data, meet uptime requirements and address compliance obligations, and increase end user productivity by giving users faster access to the data and applications they need to do their jobs. With this combination line of business users are enabled to make better decisions by only getting access to the data they need to do their jobs, and neither flooding them with so much data that they become security risks themselves, nor providing so little access that they become ineffective.

Another challenge that IT might be inclined to deal with through denial and restriction includes the increased use of cloud and BYOD. The influx of cloud-based applications like Salesforce.com, Google Apps, and Office 365 has taken access control out of the hands of IT, just as user demand for access to both network and cloud apps from mobile devices is skyrocketing, and the business is demanding that all access be secure. This results in a huge burden for IT, not the least of which is the need to provision access to, and manage passwords for, all the different SaaS applications. But, it doesn’t have to be that way. The security afforded through managing the users enables IT to meet the growing demand by employees to use their tablets, smartphones, and other mobile devices for work, anytime, no matter where they are.

It’s mandatory, in today’s world, for organizations to have the right security policies and practices in place to prevent intrusions, protect intellectual property, maintain privacy and ensure compliance with corporate policies and government regulations. When security enables an organization to make new employees, partners and consultants productive faster –whether that’s designing a new product or part between multiple organizations across many time zones, giving a high-priced consultant the right access instantly, or ensuring an employee has the necessary access to cover for a sick team member –you’ve improved agility and added business value. The trick here is to change the conversation from restrict and deny to permit and enable, making IT the force for “yes,” rather than the group of “no,” denial and restriction.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security Magazine 2014 September cover

2014 October

Security takes a look at safety and preparedness for the harshest of weather phenomena in this October 2014 edition of the magazine. Also, we investigate supply chain security and the many benefits of PSIM. 

Table Of Contents Subscribe

Travel & the Ebola Risk

Are you and your enterprise restricting travel due to Ebola risks?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.