Smart Enterprise Magazine

Volume 6, Number 3, 2012

Issue link:

Contents of this Issue


Page 10 of 23

Express SafeKey. All aim to improve the security of card trans- actions over the Internet. CA eComMinder, a solution from CA Technologies, is used by over 12,000 financial institutions to protect transactions of 150 million cardholders worldwide. Single sign-on is another enterprise security solution that is being extended to mobile devices. Inside the enterprise, single sign-on helps simplify employees' access to multiple platforms and websites. Instead of using multiple usernames and passwords, employees can log in to all sites and platforms with just one doubly secured user-ID/password combination. Outside the enterprise, the same technology is helping companies secure Internet shop- ping carts and other transactions. Big Data, Bigger Security Big data, the massive proliferation of data coming in from a wide range of sources — including mobile devices, social media, Web logs and scientific research — could well be the next frontier for IT and business innovation. Data analysis, powered by new data- analytics tools, can transform tons of raw data into actionable information for the business. Yet all that data requires new, high levels of security. For one, before big data can even come into a system, it must be well-vetted for security issues. The volumes may be enormous. Gartner forecasts that by 2016, enterprises will be actively analyz- ing data sets as large as 10 terabytes. To secure big data, Axway's Security Solutions Group is col- laborating with CA Technologies and using several of its solutions, including CA CloudMinder™ , CA IdentityMinder™ and CA Advanced Authentication. "There needs to be tremendous awareness about securing and controlling that data, and about elevating the secu- rity technology aspects around identity and access tied to that data and content," Thielens says. One side benefit: While Axway is not in the business of data analytics, it can now position itself as a provider of big data enablement and protection services. "Some of our largest custom- ers — be they banks, healthcare or government agencies — have been moving around huge amounts of data on our platforms for years now," Taylor says. Cloud computing is another hot topic for security-enabled business innovation. One area of special concern, say security experts, is the selection of a cloud service provider. It's important that CIOs not just hire the service provider, but also work with the provider to create a detailed security plan. CIOs should also monitor the service provider's security technologies, processes and services for compliance. At CNO, Director of EIS Tesnar wants his team to be what he calls the "governator" — the protector of enterprise assets in the cloud. "We're plugged into the cloud sourcing process," he explains. "So when the enterprise looks at a cloud service provider, we have the opportunity to be involved up front, to ask the tough questions, and to make sure our data will be as safe as possible out in the cloud." Similarly, Soto's Comcast team works closely with the business units on all vendor assessments, including cloud service providers. That, she says, ensures that all third-party services, regardless of function, are adequately secured. "This is how our security group maintains operational monitoring, vulnerability management and overall security assurance," she says. "It also helps us demonstrate confidence in cloud deployment — and accelerate adoption of the cloud for the business." Going Mobile — Safely Which information-security safeguards does your organization have in place? Security strategy in place for View two additional charts: Feeling Lucky? and Security Calling. employee use of personal devices 43% Security strategy in place for mobile devices 37% Security strategy in place for social media 32% 0% 10 20 30 40 50 DATA: PwC, "Global State of Information Security Survey," survey of more than 9,600 business, IT and security executives in 138 countries, Sept. 2011 What about all those employees who are tweeting, Facebooking and otherwise posting proprietary content online? Think that's secured? Think again. More impor- tant, CIOs should work to secure social media, in part by creating business policies that control social media activity. At some organizations, employees with technical issues have posted confidential information on social media sites, apparently unaware that such information can be easily copied and pasted anywhere. "We're seeing company after company, and employee after employee, doing this," says Mark Lobel, a Principal in PwC's advisory practice. "It's kind of shocking, frankly." Oversharing Also shocking is the way staff at companies may unintentionally reveal details of impending mergers and acquisitions with seemingly innocent posts on social media sites. Lobel explains: "Let's say an executive named Tom indicates on LinkedIn that he works in mergers and acquisitions and then 'checks in' on Foursquare while sitting in a cafe in the lobby of a major public corporation. If someone puts together those two facts, is Tom guilty of breaching confidentiality that leads to insider trading?" In this instance, Lobel adds, Tom is unwittingly "oversharing" information. Malicious people who aggre- gate online information for criminal purposes can take advantage of this oversharing. The solution? Strong acceptable-use policies for all employees covering all social media. That's something Soto, who has already put in place policies at Comcast, says can be a moving target. "We are finding this to be a very dynamic area," she says. "It will require continual revision — even awareness training." Today, the new normal for IT is one in which the business wants innovations driven by mobile technology, cloud computing, social media and big data. And, it's an environment in which all those technologies provide a constantly changing security challenge. "These are all evolving at such a rapid pace," says Tesnar at CNO, "that it's tough for a security practitioner to keep up." New and innovative technologies, combined with equally innovative practices, can extend the borders of the busi- ness, and do so safely. "That way," Tesnar says, "we can continue to be the business enabler we want to be." n LARRY LANGE is a freelance writer and a former Senior Editor at TechWeb,, EE Times and IEEE Spectrum. 2012 • SMART ENTERPRISE 11

Articles in this issue

Links on this page

Archives of this issue

view archives of Smart Enterprise Magazine - Volume 6, Number 3, 2012