Many organizations look at security from yesterday’s paradigm – a “we versus they” mentality that pits business productivity against security. For years, security has been the practice of denial, restriction and limitation, and it’s been an expensive insurance policy where value is measured by what doesn’t happen, rather than by what does.
Moreover, the majority of IT spend is focused on “keeping the lights on,” and not enough is invested in keeping up with and securing the changing IT landscape – like securing an ever-growing number of mobile devices and data in the cloud. But, what if you could leverage your security investment to both secure for today and tomorrow while contributing to your company’s top line and adding value to the business? What if you could speed business processes by connecting your users to your partners and customers, uniting users with the right data they need, and enabling your organization to operate smarter, more efficiently and, thus, with more agility?
Consider a perspective that’s entirely different from the traditional view of security –turn the paradigm around to make security the practice of connecting, permitting, uniting and enabling. Add business value by implementing security while maintaining – and even increasing – productivity. Organizations need a different approach to do this; they need to manage the identities and access of their users. Identity governance, access management and privileged management have emerged as the basis for safely and efficiently managing access to business resources, wherever they reside inside or outside the network, without compromising security.
A robust security strategy that starts protecting the business and contributing to organizational goals. The security afforded through managing the identities of users will help IT to “rightsize” access – ensuring that both administrative and end users have access to only the resources they need to do their jobs.
When security becomes the practice of connecting, permitting, uniting and enabling, the business becomes agile enough to move forward on many different fronts, which, on the surface, sound like they have nothing to do with security. But, it’s the right security that allows businesses to enable a user to cover for someone who is sick by assigning permissions in less than three minutes; move a department’s access rights –without having to go to IT – from the mortgage application to the pension application to meet a huge demand coming from a recent marketing campaign; provide a design partner from a gearbox manufacturer with access to the company’s chassis design details, through federation and the partner’s own self-service application; enable single sign-on to the new cloud-based lead nurturing app the CMO purchased without telling IT; give a ship’s captain access to SAP on his iPad so he can update the delayed arrival time into dock, when he’s in the middle of the Atlantic; or give the $3,000-per-day consultant root access to every machine he needs within five minutes of his arrival at work to minimize billable delays.
All of these are possible – IT can secure data, meet uptime requirements and address compliance obligations, and increase end user productivity by giving users faster access to the data and applications they need to do their jobs. With this combination line of business users are enabled to make better decisions by only getting access to the data they need to do their jobs, and neither flooding them with so much data that they become security risks themselves, nor providing so little access that they become ineffective.
Another challenge that IT might be inclined to deal with through denial and restriction includes the increased use of cloud and BYOD. The influx of cloud-based applications like Salesforce.com, Google Apps, and Office 365 has taken access control out of the hands of IT, just as user demand for access to both network and cloud apps from mobile devices is skyrocketing, and the business is demanding that all access be secure. This results in a huge burden for IT, not the least of which is the need to provision access to, and manage passwords for, all the different SaaS applications. But, it doesn’t have to be that way. The security afforded through managing the users enables IT to meet the growing demand by employees to use their tablets, smartphones, and other mobile devices for work, anytime, no matter where they are.
It’s mandatory, in today’s world, for organizations to have the right security policies and practices in place to prevent intrusions, protect intellectual property, maintain privacy and ensure compliance with corporate policies and government regulations. When security enables an organization to make new employees, partners and consultants productive faster –whether that’s designing a new product or part between multiple organizations across many time zones, giving a high-priced consultant the right access instantly, or ensuring an employee has the necessary access to cover for a sick team member –you’ve improved agility and added business value. The trick here is to change the conversation from restrict and deny to permit and enable, making IT the force for “yes,” rather than the group of “no,” denial and restriction.