CMP Network Computing



Information Security and Your Business

By Mark Egan

Everything about a company -- product development, sales, customer relationship management, marketing, competitive analysis, investor relations, policy compliance, finances, human resources -- exists in and is managed through information systems. Information technology isn't just an administrative marvel, either; it's the repository and means of delivery for the information that drives business. How that information is protected, managed, and put to work is the key to business success.

As a result of this evolving understanding of information management, the IT department's challenge is clearer than ever: supporting the business goals of the enterprise by ensuring the safety and accessibility of its information assets. Anything that disrupts this safety and accessibility creates downtime, which costs money. When disruptions occur, IT departments need to get the enterprise restarted and restored to the "moment before" state as rapidly as possible, without risk of repeating the same failure.

Enterprises are also increasingly under regulatory pressure -- the governance requirements of Sarbanes-Oxley, the privacy requirements of HIPAA, the homeland defense measures of The USA Patriot Act, the European Data Protection Act, the Basel II Accord, the new e-commerce laws passed in over 40 countries around the world, not to mention FISMA, GLBA, and NERC. This regulatory climate requires CIOs to implement policy, process management, monitoring, audit, documentation, and reporting solutions that can ensure accountability, transparency, and compliance. Failure to comply can result in lost business and customer confidence, in addition to financial and legal liability.

At the same time, CIOs and IT departments continue to be asked to do more with less, and to act more quickly and with greater impact on business success. CIOs are not only being asked to keep the business up and running, but to implement and maintain new capabilities that will enable the enterprise to pursue new opportunities, attack new markets, maintain competitive advantage, and more deeply embed customer relationships.

From PDAs to patches to phishing

Mobile computing is a trend that shows no signs of slowing down. On the contrary, enterprise deployments of notebook PCs, tablet PCs, and PDAs continue to grow by leaps and bounds. Research firm Gartner Inc. has gone so far as to predict that by the year 2010, 80 percent of key business processes will entail the exchange of real-time information involving mobile workers. Small wonder, then, that ensuring the security of these devices has emerged as priority number one at so many organizations.

As the number and frequency of software patches continue to increase, patch management has become a major issue for all organizations. The widespread damage caused by several highly publicized worm attacks only underscores the need for an effective, enterprise-wide approach to patch management.

All of these trends are occurring amid an increasingly hostile threat landscape. Every day, threats and vulnerabilities are steadily mounting. Security researchers have uncovered a sharp increase in organized virus- and worm-writing activity that is powering an underground economy specializing in identity theft and spam. In just a few short years, occasional Web site defacements courtesy of "script kiddies" have evolved into sophisticated, purposeful, well-funded online fraud (such as "phishing").

The information integrity challenge

Today's enterprises need information that is secure, always available, and unfailingly trustworthy so that they can keep their business up, running, and growing, no matter what happens. This is the information integrity challenge.

Enterprises can't afford to make their information 100 percent available and 100 percent secure. Instead, they must develop a business-driven position on acceptable risk. They must define and maintain an appropriate balance. A balanced approach to information availability and security is one in which information is kept safe, yet is accessible wherever, whenever, and to whomever the business needs dictate.

The evolution of information technology has treated the goal of information integrity as two goals. On the one hand, IT staff have pursued information availability, using tools to make information accessible to the ends of the earth in support of business goals. Security staff, on the other hand, have worked to provide information security -- making information inaccessible except to the people who need it. The effect has been two distinct realms with radically different mandates and no clear workflow or process to make sure they act intelligently together.

Needed: a resilient infrastructure

The answer lies in having a resilient infrastructure that creates the ability to understand, act, and control.

  • Understand means knowledge of the information environment, both inside and outside your organization. It means being aware of electronic threats emerging anywhere in the world before they reach the organization. And, it's about identifying possible regulatory compliance issues, assessing the effectiveness of security and administration tools, and constantly monitoring the status of hardware, software, information, and other network assets anywhere in your enterprise.

  • Act involves responding successfully to both vulnerabilities and attacks, as well as to new business opportunities. It's about securing devices, applications, and networks against threats before they happen. It's taking steps to be sure information is up-to-date, compliant, and restorable. And it's about maintaining and building your competitive advantage through new technologies and processes, like mobile computing.

  • Control is about managing information resources to prevent disruptions, minimize downtime, and expand your capabilities. That means provisioning new applications, managing software patches, and taking other steps to keep your enterprise up, running, and growing.

Information integrity involves being able to understand, act, and control in the face of current and future trends. It can be viewed as a unified approach to IT management designed to provide both security and availability for a company's network resources. Information integrity requires advanced administration tools and superior security tools.

The ideal goal is keeping critical assets as secure as possible, while also making them readily accessible to the users who can maximize their value. Benefits include the ability to confidently deploy and use information to drive innovation, lower costs, increase customer satisfaction and loyalty, improve profits, and provide competitive advantage.

Mark Egan is chief information officer and vice president of information technology at Symantec.

TechWeb is brought to you by CMP Media LLC, Copyright © 2004