Logical Security

Security: Opening the Door to Business Agility

Many organizations look at security from yesterday’s paradigm – a “we versus they” mentality that pits business productivity against security. For years, security has been the practice of denial, restriction and limitation, and it’s been an expensive insurance policy where value is measured by what doesn’t happen, rather than by what does.

Moreover, the majority of IT spend is focused on “keeping the lights on,” and not enough is invested in keeping up with and securing the changing IT landscape – like securing an ever-growing number of mobile devices and data in the cloud.  But, what if you could leverage your security investment to both secure for today and tomorrow while contributing to your company’s top line and adding value to the business?  What if you could speed business processes by connecting your users to your partners and customers, uniting users with the right data they need, and enabling your organization to operate smarter, more efficiently and, thus, with more agility?

Consider a perspective that’s entirely different from the traditional view of security –turn the paradigm around to make security the practice of connecting, permitting, uniting and enabling.  Add business value by implementing security while maintaining – and even increasing – productivity. Organizations need a different approach to do this; they need to manage the identities and access of their users. Identity governance, access management and privileged management have emerged as the basis for safely and efficiently managing access to business resources, wherever they reside inside or outside the network, without compromising security.

A robust security strategy that starts protecting the business and contributing to organizational goals. The security afforded through managing the identities of users will help IT to “rightsize” access – ensuring that both administrative and end users have access to only the resources they need to do their jobs.

When security becomes the practice of connecting, permitting, uniting and enabling, the business becomes agile enough to move forward on many different fronts, which, on the surface, sound like they have nothing to do with security.  But, it’s the right security that allows businesses to enable a user to cover for someone who is sick by assigning permissions in less than three minutes; move a department’s access rights –without having to go to IT –  from the mortgage application to the pension application to meet a huge demand coming from a recent marketing campaign; provide a design partner from a gearbox manufacturer with access to the company’s chassis design details, through federation and the partner’s own self-service application; enable single sign-on to the new cloud-based lead nurturing app the CMO purchased without telling IT; give a ship’s captain access to SAP on his iPad so he can update the delayed arrival time into dock, when he’s in the middle of the Atlantic; or give the $3,000-per-day consultant root access to every machine he needs within five minutes of his arrival at work to minimize billable delays. 

All of these are possible – IT can secure data, meet uptime requirements and address compliance obligations, and increase end user productivity by giving users faster access to the data and applications they need to do their jobs. With this combination line of business users are enabled to make better decisions by only getting access to the data they need to do their jobs, and neither flooding them with so much data that they become security risks themselves, nor providing so little access that they become ineffective.

Another challenge that IT might be inclined to deal with through denial and restriction includes the increased use of cloud and BYOD. The influx of cloud-based applications like Salesforce.com, Google Apps, and Office 365 has taken access control out of the hands of IT, just as user demand for access to both network and cloud apps from mobile devices is skyrocketing, and the business is demanding that all access be secure. This results in a huge burden for IT, not the least of which is the need to provision access to, and manage passwords for, all the different SaaS applications. But, it doesn’t have to be that way. The security afforded through managing the users enables IT to meet the growing demand by employees to use their tablets, smartphones, and other mobile devices for work, anytime, no matter where they are.

It’s mandatory, in today’s world, for organizations to have the right security policies and practices in place to prevent intrusions, protect intellectual property, maintain privacy and ensure compliance with corporate policies and government regulations. When security enables an organization to make new employees, partners and consultants productive faster –whether that’s designing a new product or part between multiple organizations across many time zones, giving a high-priced consultant the right access instantly, or ensuring an employee has the necessary access to cover for a sick team member –you’ve improved agility and added business value. The trick here is to change the conversation from restrict and deny to permit and enable, making IT the force for “yes,” rather than the group of “no,” denial and restriction.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security June 2015 issue cover

2015 June

In this June 2015 issue of SecurityIs the security director business’s new “corporate rock star?” Find out how CSOs can become the new leaders of their enterprises through mentorships, partnerships and creatively adding business value. Also, learn how security professionals are training employees in cyber security through games. And why are deterrence and detection so important when it comes to thwarting metal thieves? Find out in this issue.

Table Of Contents Subscribe

Body Cameras on Security Officers

Body cameras are being used increasingly by police in cities across the U.S. Will you arm your security officers with a body camera?
View Results Poll Archive


Effective Security Management, 5th Edition.jpg
Effective Security Management, 5th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.