Three Tips for Securing the Open Enterprise

The days of wrapping our enterprise users and systems within a network security perimeter are long gone. To better innovate and compete in today’s fast-moving markets, the business needs to leverage any opportunity to accelerate new initiatives and create new revenue opportunities. For example, the business brings in SaaS applications to meet its needs if IT can’t deliver services fast enough; it adopts new mobile apps to support employee and customer engagement; it packages its own intellectual property in the form of APIs for growth and agility; and it sets up internal system access for partners and contractors for streamlined operations. This essentially opens the enterprise and creates a challenge for the security team: how to enable and still protect the Open Enterprise.

Because we are expanding on three dimensions at the same time, enabling the secure Open Enterprise presents several challenges: 1) the identity population needing access to enterprise data is moving beyond employees and administrators to include business partners, contract developers and a rapidly growing customer community; 2) at the same time, the applications those groups need access to are migrating from the enterprise data center to the cloud; and 3) the access device is evolving from PC to smartphone and tablet but will quickly include other smart devices such as wearables and smart meters. While opening the enterprise increases the attack surface, securely enabling the open business can help it innovate and grow.

The first step to securing the Open Enterprise is managing identity. According to the Verizon data breach report, the use of stolen or misused passwords continues to be the number one way to gain access to information. With fragmented IT systems, identity is the new security perimeter. Authentication should be centralized for all resources, whether on-premises or not. This offers a single point of control and an audit point. You can then apply multi-factor authentication options to reduce the threat of compromise from weak or leaked passwords. Federating access from your identity broker applies multi-factor authentication even to applications that don’t otherwise support it. Over time, the business can add more sophisticated authentication elements, bringing in context (device type, network type, geo-location, etc.) and analytics. In this model, disabling a user now means they have no access to any external SaaS applications, a big win for securing corporate IP.

Next, the Open Enterprise needs to share information. The days of building a web app are quickly passing. The business needs API-level access to information to share across divisions and with partners. In fact, instead of IT building a mobile app for the business, give the business a set of APIs to build its own mobile apps. By implementing an API gateway in front of your applications and data, you can create strong security controls while the business innovates and experiments with new apps. The business can even open these information feeds directly to partners to include in their applications.

The final, key component of the Open Enterprise architecture is managing developer access to APIs and providing business owners insight into usage. Once applications and data are available in a secure, accessible model, the business will quickly find new revenue models and want to scale. The Developer Portal will allow a large number of developers inside or outside the organization to request access to a set of APIs, obtain access keys, review sample code, test integration and begin developing in a self-serve model. This component will also let application or business owners get reports on which applications and which business partners are driving traffic.

A great example of this in action is the New York MTA. Its business team thought it could increase ridership if the schedules were easier to access. Rather than trying to create the one perfect app, the IT team focused on securely exposing API access to the scheduling systems and allowing developers to focus on what they do best. Within three months, there were dozens of mobile apps that incorporated MTA scheduling information in a way that works best for their consumers. The security team had complete visibility to log and monitor each transaction.
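The gateway and developer-portal controls described above can be sketched in a few lines. This is an added example, not code from the article or from any gateway product; the class, its method names, and the API and partner names used with it are hypothetical.

```python
import hashlib
import secrets
from collections import Counter

class Gateway:
    """Toy API gateway: scoped developer keys, central revocation, audit log."""

    def __init__(self):
        self._keys = {}   # sha256(key) -> record; the raw key is never stored
        self.audit = []   # one entry per request, allowed or denied

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode()).hexdigest()

    def issue_key(self, app, partner, apis):
        """Developer-portal step: mint a key limited to the requested APIs."""
        key = secrets.token_urlsafe(32)
        self._keys[self._digest(key)] = {
            "app": app, "partner": partner, "apis": set(apis), "active": True}
        return key  # shown to the developer once

    def revoke_partner(self, partner):
        """Single point of control: one call cuts off every key of a partner."""
        for rec in self._keys.values():
            if rec["partner"] == partner:
                rec["active"] = False

    def handle(self, key, api):
        """Authorize one request and record the decision either way."""
        rec = self._keys.get(self._digest(key))
        if rec is None:
            decision = "deny:unknown_key"
        elif not rec["active"]:
            decision = "deny:revoked"
        elif api not in rec["apis"]:
            decision = "deny:out_of_scope"
        else:
            decision = "allow"
        self.audit.append({"app": rec["app"] if rec else None,
                           "partner": rec["partner"] if rec else None,
                           "api": api, "decision": decision})
        return decision == "allow"

    def usage_report(self):
        """Allowed calls per (partner, app), for business owners."""
        return Counter((e["partner"], e["app"])
                       for e in self.audit if e["decision"] == "allow")
```

Denied requests are logged alongside allowed ones, so the same audit trail that feeds the usage report also shows the security team out-of-scope and revoked-key attempts.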

It is well understood that the threats to corporate intellectual property continue to grow. The Open Enterprise further increases the attack surface. By centrally controlling identity and abstracting security controls to the API gateway, the business can securely enable the open enterprise and manage the risk. In fact, the new architecture helps the business move faster, innovate and experiment with programs that drive revenue. Using these three tips to secure the Open Enterprise shows business leaders that the security team supports and is in alignment with business goals. Who knows, additional budget and resources may surface as security becomes an enabler of the business.
