IT execs must shift security approaches
Mobile, cloud and social media technologies are making traditional security obsolete, industry leaders say
Computerworld - SAN FRANCISCO -- IT security executives must secure what they cannot directly control to properly protect enterprise data in the coming years, said industry executives at the RSA Conference 2012 here this week.
The confluence of cloud computing, mobile technologies and IT consumerization is driving massive changes in how enterprise data is accessed, used and shared.
Rather than fight the changing data management landscape, enterprises should look to accommodate it in a secure and practical way, the executives said.
"We need to rethink how we secure the enterprise," said Enrique Salem, president and CEO of Symantec, in a keynote speech. "We need to stop saying 'No' and partner with our user community" to enable the secure use of new technologies and social media tools, Salem said.
Longheld notions about enterprise security need to be jettisoned, Salem said. "This new world is one where we don't control the device," he said.
Enterprise data is increasingly being accessed and shared via mediums that IT has little direct control over -- personal mobile devices and social media networks used by workers and from servers hosted by cloud providers.
"With the expanded use of private and public clouds we don't know where our data resides or when a specific workload is being run," Salem said.
Traditional security models that focus on perimeter and network controls won't work in the new IT environment, he said. Companies must start implementing controls that can securely authenticate, authorize and audit user access, via untraditional means.
Instead of having only firewalls to prevent malicious code from entering a network, companies should start adding controls that can keep critical information within it, Salem said.
For the first time since the dawn of IT technology, savvy consumers and employees are adopting technologies faster than enterprises can absorb them," said Art Coviello, president of EMC's RSA division.
The ramifications of the trend are significant, he said.
"IT organizations must learn to manage what they cannot directly control and security organizations must learn to protect what they cannot control," Coviello said.
Over the past 10 years, he noted, data volumes, data access speeds, the use of mobile technologies and social media tools and risk levels have all increased by several orders of magnitude. "If Facebook were a country it would be the third largest on the planet right now," he said.
Protecting enterprise data in the new environment is a lot different than current security models allow, he added.
Scott Charney, corporate vice president of Microsoft's Trustworthy Computing initiative, said good security increasingly should be about the ability to manage and analyze massive volumes of data. "It is really important to understand that we are moving to the Internet of things," he said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts