IT execs must shift security approaches
Mobile, cloud and social media technologies are making traditional security obsolete, industry leaders say
Computerworld - SAN FRANCISCO -- IT security executives must secure what they cannot directly control to properly protect enterprise data in the coming years, said industry executives at the RSA Conference 2012 here this week.
The confluence of cloud computing, mobile technologies and IT consumerization is driving massive changes in how enterprise data is accessed, used and shared.
Rather than fight the changing data management landscape, enterprises should look to accommodate it in a secure and practical way, the executives said.
"We need to rethink how we secure the enterprise," said Enrique Salem, president and CEO of Symantec, in a keynote speech. "We need to stop saying 'No' and partner with our user community" to enable the secure use of new technologies and social media tools, Salem said.
Longheld notions about enterprise security need to be jettisoned, Salem said. "This new world is one where we don't control the device," he said.
Enterprise data is increasingly being accessed and shared via mediums that IT has little direct control over -- personal mobile devices and social media networks used by workers and from servers hosted by cloud providers.
"With the expanded use of private and public clouds we don't know where our data resides or when a specific workload is being run," Salem said.
Traditional security models that focus on perimeter and network controls won't work in the new IT environment, he said. Companies must start implementing controls that can securely authenticate, authorize and audit user access, via untraditional means.
Instead of having only firewalls to prevent malicious code from entering a network, companies should start adding controls that can keep critical information within it, Salem said.
For the first time since the dawn of IT technology, savvy consumers and employees are adopting technologies faster than enterprises can absorb them," said Art Coviello, president of EMC's RSA division.
The ramifications of the trend are significant, he said.
"IT organizations must learn to manage what they cannot directly control and security organizations must learn to protect what they cannot control," Coviello said.
Over the past 10 years, he noted, data volumes, data access speeds, the use of mobile technologies and social media tools and risk levels have all increased by several orders of magnitude. "If Facebook were a country it would be the third largest on the planet right now," he said.
Protecting enterprise data in the new environment is a lot different than current security models allow, he added.
Scott Charney, corporate vice president of Microsoft's Trustworthy Computing initiative, said good security increasingly should be about the ability to manage and analyze massive volumes of data. "It is really important to understand that we are moving to the Internet of things," he said.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!