CMP Network Computing
Log In to Network Computing
   Techweb
 
Top 11 List Security Channel SpamOmeter Internet Threat Level
Live Lab Cams Storage Channel IT Pro Downloads Network Design Manual
 Site Map |  What's New |  Current Issue |  Past Issues |  Article Index |  Newsletters |  Content Feeds |  Subscribe
Welcome to Network Computing Networking News Product Reviews, Sneak Previews, Analysis Workshops, Primers, Tutorials Site Content According to Technology Covered Forums, Blogs, Opinions Site Tools for IT Professionals Centerfold Case Studies Interactive Buyer's Guides


IT Knowledge Made Simple
Stay on top of strategic IT infrastructure trends with our special IT StrategyCenter, powered by StudioOne Networks.
Regulatory Resource   Threat Intelligence      Resilient IT      Boardroom Strategies      
Resilient IT / Analytics and ROI

Security 2.0: An Update

By Tom Schmidt

The battleground for security has shifted. No longer is it just about the computer or even the corporate network. Instead, the new challenge is about protecting users' most important assets: their information and their interactions. Providing that protection is at the heart of what has been dubbed "Security 2.0."

Evolving challenges
Security 2.0 has evolved in response to a dramatically shifting threat landscape. Previous editions of the Internet Security Threat Report have documented that attack activity has evolved from being motivated by status for technical prowess to being motivated by financial gain. Many of today's threats are designed to gather information that has financial value to the attacker. This can include personal information that can be used for the purpose of identity theft (the act of stealing the information) or fraud (using the information to commit fraud).

As the most recent Threat Report observed:

"The current threat landscape is populated by lower profile, more targeted attacks, attacks that propagate at a slower rate in order to avoid detection, and thereby increase the likelihood of successful compromise. Instead of exploiting vulnerabilities in servers, as traditional attacks often did, these threats tend to exploit vulnerabilities in client-side applications that require a degree of user interaction, such as word processing and spreadsheet programs. A number of these have been zero-day vulnerabilities. These types of threats also attempt to escape detection in order to remain on host systems for longer periods so that they can steal information or provide remote access."

People are the new perimeter
Of course, the threat landscape isn't all that is evolving. So too is the network perimeter. Traditionally, an enterprise's computer network has been a well-defined entity, with clear perimeters and fixed endpoints throughout. But that was yesterday. Today's IT network landscape has changed almost beyond recognition:

  • Instead of one corporate platform and operating system, companies now routinely mix PCs and Macs with Windows, Unix, Linux and more.
  • At the same time, network usage has expanded to include multiple endpoints beyond the traditional desktop and servers. From laptops to PDAs to smartphones to guest computers, network boundaries have morphed to embrace a new business paradigm.
  • Today, the physical network perimeter is no longer defined by network devices. Instead, the people using the system -- employees, customers, guest users and partners -- comprise the new boundaries.
  • Technology innovations, driven by pervasive computing, are fueling new business capabilities and business models. Customers, connecting directly to corporate networks, now accomplish transactions that were once completed by corporate employees.

That's the reality of the online world today. Moreover, customers expect faster access to their information, and enterprises must keep up with growing customer expectations and look for ways to leverage new technologies.

Making it all work
So what makes this new world work? The answer shouldn't come as a surprise. What makes it all work is confidence. Confidence is the essential component if enterprises expect to realize the full potential that these new technologies bring. And confidence comes only when all those in the connected world believe that their information is protected, their interactions are secure, and the risk of harm is minimal.

Protecting this information and securing these interactions takes more than bolted-on security. It takes integrated products and services that provide a holistic view into an organization's security posture. It also takes solutions that identify risks early -- so that steps can be taken to mitigate them and prevent an attack. And it entails enabling customers to manage their security events -- no matter what products they may already have installed.

Conclusion
External threats like phishing, pharming, and identity theft, are evolving at an accelerating pace. Criminals and malicious users are no longer focused on PCs or networks; instead, they now reach into the depths of the world's data banks. These disturbing trends are introducing new risks to our most valuable asset -- information -- as well as our interactions that today span dozens of platforms and hundreds of devices. Clearly, a new approach to protecting information and interactions is required.

Security 2.0, which integrates software, services and partnerships, represents a vision for building confidence in today's connected world. Its goal: the comprehensive protection of business interactions, critical information and IT infrastructure.

Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.

IT Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.

Articles by Topic
Network and Infrastructure
Analytics and ROI
Strategies
Related Content

Features

View More


Metrics

View More

Fast Fact

External threats like phishing, pharming and identity theft are evolving at an accelerating pace. Criminals and malicious users are no longer focused on PCs or networks; instead, they now reach into the depths of the world's data banks.
Sponsor Tools

White Papers

View More


Resources
Podcast Audio Content

CIO Strategy Center is now available in audio format.

This week's feature topic is:


CIO Interview: CIO of Port of Portland, Michelle Gaines
Playtime: 7 min 59 sec



Download | Subscribe

Copyright © 2008 Studio One Networks. All rights reserved.
Advertisement
Site Navigation
Home | Article Index | Newsletters | RSS Feeds | Site Map | IT Tools | Reviews | Technologies | Workshops/Tutorials | News | Forums/Blogs/Opinion | Bookstore | Jobs | RFP/RFQs | White Papers | Audio | Downloads | Editors | Webmaster | Sales and Marketing | Magazine Media Kit | Online Media Kit | Events | Reprints | Editorial Calendar
Technology News and Opinion
Small Business Pipeline | IT Utility Pipeline | Business Intelligence Pipeline | Desktop Pipeline | Compliance Pipeline | Server Pipeline | Storage Pipeline | Security Pipline | Mobile Pipeline | Linux Pipeline | Advanced IP Pipeline
Companion Sites
Independent Testing Services | Network Magazine | IT Pro Downloads | UnixWorld | Interactive Buyer's Guide | InternetWeek | InformationWeek | Transform Magazine | Pipeline Technology Sites | Intelligent Enterprise | TechWeb | Shop-Marketplace.com



TechWeb is brought to you by CMP Media LLC, Copyright © 2004
Privacy Statement | Terms Of Service