The cybersecurity needs of the borderless enterprise
As the traditional security perimeter dissolves in a virtualized environment, organizations need a new cybersecurity framework and architecture
Computerworld - A borderless nation would be extremely difficult to defend, to the point of rendering the idea unthinkable. The same can be said about borderless enterprises, except in that case the idea isn't unthinkable. In fact, borderless enterprises are becoming the rule, not the exception.
In a borderless enterprise, the traditional security perimeter no longer exists. Organizations are now faced with the task of securing highly virtualized IT environments that embrace cloud, mobile and social computing and server virtualization. At the same time, the emerging trend of software-defined networks (SDN) means that computing networks, like applications and infrastructure, are becoming ever more virtualized.
These dispersed and virtualized IT environments must defend against a rising tide of increasingly sophisticated attacks, with greater costs hitting those that fall victim. According to a recent study from the Ponemon Institute, the annual cost to remediate a data breach for the average U.S. organization was $8.9 million during the past year, up 6% from 2011. The rise in sophistication was demonstrated by this fall's wave of distributed denial-of-service attacks against many large financial institutions.
The upshot of these trends is that if cybersecurity is going to effectively protect and partition data and applications across all these virtual pathways, it will need to be embedded in the enterprise architecture.
In fact, borderless enterprises need a new cybersecurity framework and a corresponding cybersecurity architecture that can serve as a guide to implementing cybersecurity strategy and policies in a manner that ensures a consistent, well-integrated and cost-effective approach.
The main goal of the cybersecurity framework is to categorize the areas that should be secured. The framework outlined in the accompanying diagram addresses five logical domains -- users, data, applications, infrastructure and assets -- together with horizontal functions such as governance, risk and compliance; situational awareness; and security operations. Such a framework can help you migrate from tactical, point solutions to a more coordinated set of tools and techniques -- a system of systems approach that looks at the big picture. Actual frameworks will vary, depending upon an organization's industry and the countries in which it conducts business.
Once you have outlined your cybersecurity framework, it can serve as the reference for developing the accompanying architecture. The framework tells you what needs to be protected; the architecture defines the implementation of that protection in ways that are technically feasible and adhere to standards and compliance requirements. It needs to address broad questions, such as how to establish trusted identities, how to secure sensitive data, how to secure enterprise applications, how to secure cloud computing and mobile computing infrastructures, and how to secure the cyber supply chain itself, including all the people, processes and technology involved in conducting business in cyberspace.
- Mobile Next.0: Five business scenarios for the wearable, augmented-reality era
- The power of social automation
- The cybersecurity needs of the borderless enterprise
- Mining your organization for ideas
- Timing your move into disruptive technologies
- Investing for transformation in 2013
- Moving the new wave of technology from disruptive to productive
- Next up: The consumerization of business processes
- The IT paradox: A diminished role in technology, but greater clout in the business
- Innovation in the enterprise via social computing
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Gartner Report: A Guide to Gartner's Enterprise Mobile Security Self-Assessment Gartner introduces a model and a Toolkit intended to help mobility and security IT leaders assess their enterprise mobility programs from a security...
- Gartner Report: Containing Mobile Security Risks With the 80/20 Rule IT planners can deliver better mobile protection with higher user satisfaction by segmenting users into risk groups before committing to specific management or...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts