Keeping Customer Data Safe in an Evolving Threat Landscape
In the digital age, increasing amounts of data are being shared in new and often unanticipated ways. With the proliferation of data, devices and connections comes a set of new security threats. Midsize companies, in particular, are feeling the heat.
While their security budgets are often at risk for cuts, recovering from the impact of a breach can be a more arduous process involving lost revenue, decreased productivity and potential reputation damage. Where large enterprises have the luxury of relying on well equipped IT departments – not to mention teams squarely focused on security – midsize companies often must address these same concerns with far fewer resources at their disposal.
Although securing critical company information remains a crucial component of any business strategy, safeguarding this data is more difficult than ever. Security intelligence – the ability to predict, identify and react to potential threats – is taking on new importance. In a nutshell, security intelligence entails:
- Evaluating potential risk to the brand;
- Understanding the financial implications of adverse events; and
- Assessing the impact of IT systems disruptions on ongoing operations.
The security management challenge
Security is quickly becoming a key business issue. According to a study entitled "Inside the Midmarket: A 2011 Perspective,” security management is the top IT priority for midsize businesses around the globe. And, in a 2011 CIO Study, 60 percent of IT leaders from midsize firms reported plans to focus more on risk management and compliance as a means of increasing their company’s competitiveness over the next three to five years.
Midsize organizations are frequently at the forefront of innovation – research shows them adopting social media and cloud services faster than large enterprises. They’re also exploring flexible mobility models, such as Bring Your Own Device (BYOD). As a result, midsize companies face a unique set of security challenges.
One of the most pressing challenges is identity and access management: ensuring the right people get the right access to the right data (and that everyone is who they say they are). It’s especially of concern among companies trying to manage a growing array of IT assets located outside of company controlled networks. A slew of factors add complexity to traditional identity and access management platforms. The situation becomes even more complicated for midsize firms, which tend to have a broader reliance upon external partnerships for growing their businesses.
For VantisLife Insurance Company, having the confidence of customers is critical in order to compete and grow. This midsize company has more than $4.2 billion of life insurance, nearly $600 million of annuities in force – and 90 percent of all their business is submitted electronically.
VantisLife conducted a thorough security assessment to ensure customers’ confidence in the security of their data. The assessment identified exposures in their systems, specifically in terms of agent authentication and how they accessed data within the company's systems. These issues needed to be addressed, but developing an in-house solution would require a major investment in infrastructure. Staffing with the necessary skills would place unwanted – and possibly unsustainable – pressure on precious resources.
Instead, VantisLife chose a cloud-based identity and access management solution that added significant layers of protection while maintaining ease-of-use for customers. VantisLife now has the ability to aggressively pursue their plans for growth on a national scale, unlike competitors trying to build out legacy systems.
Choosing the right path
Cloud-based identity and access management systems ensure that customer data is kept safe. These systems can drive business efficiency, security and compliance for midsize companies looking to integrate diverse external resources.
So where to start? If you’re a midsize company looking to evaluate your security needs, begin by looking at three key areas: people and identity, data and applications, and infrastructure.
Properly managing risk is imperative to building a dynamic and resilient infrastructure. Companies have a responsibility to protect critical business assets; however, midsize companies in particular have to balance between meeting these security demands and managing the associated costs.
Regardless of what’s most essential to your business, there are a variety of solutions available, which span security, compliance, and resiliency, and are often available for on-site or cloud-hosted deployments, to help protect assets. Companies that aren’t tackling this challenge head-on could face greater consequences in the future. If you’re not already thinking about these issues, it’s time to get started – or risk being left behind.