IT execs must shift security approaches
Mobile, cloud and social media technologies are making traditional security obsolete, industry leaders say
Computerworld - SAN FRANCISCO -- IT security executives must secure what they cannot directly control to properly protect enterprise data in the coming years, said industry executives at the RSA Conference 2012 here this week.
The confluence of cloud computing, mobile technologies and IT consumerization is driving massive changes in how enterprise data is accessed, used and shared.
Rather than fight the changing data management landscape, enterprises should look to accommodate it in a secure and practical way, the executives said.
"We need to rethink how we secure the enterprise," said Enrique Salem, president and CEO of Symantec, in a keynote speech. "We need to stop saying 'No' and partner with our user community" to enable the secure use of new technologies and social media tools, Salem said.
Longheld notions about enterprise security need to be jettisoned, Salem said. "This new world is one where we don't control the device," he said.
Enterprise data is increasingly being accessed and shared via mediums that IT has little direct control over -- personal mobile devices and social media networks used by workers and from servers hosted by cloud providers.
"With the expanded use of private and public clouds we don't know where our data resides or when a specific workload is being run," Salem said.
Traditional security models that focus on perimeter and network controls won't work in the new IT environment, he said. Companies must start implementing controls that can securely authenticate, authorize and audit user access, via untraditional means.
Instead of having only firewalls to prevent malicious code from entering a network, companies should start adding controls that can keep critical information within it, Salem said.
For the first time since the dawn of IT technology, savvy consumers and employees are adopting technologies faster than enterprises can absorb them," said Art Coviello, president of EMC's RSA division.
The ramifications of the trend are significant, he said.
"IT organizations must learn to manage what they cannot directly control and security organizations must learn to protect what they cannot control," Coviello said.
Over the past 10 years, he noted, data volumes, data access speeds, the use of mobile technologies and social media tools and risk levels have all increased by several orders of magnitude. "If Facebook were a country it would be the third largest on the planet right now," he said.
Protecting enterprise data in the new environment is a lot different than current security models allow, he added.
Scott Charney, corporate vice president of Microsoft's Trustworthy Computing initiative, said good security increasingly should be about the ability to manage and analyze massive volumes of data. "It is really important to understand that we are moving to the Internet of things," he said.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts