Smart Enterprise Magazine

Volume 6, Number 3, 2012

Issue link: http://www.smartenterpriseapp.com/i/87323

Contents of this Issue

Navigation

Page 9 of 23

What's more, CIOs are finding that IT secu- rity, applied correctly and preemptively, can be a secret weapon for empowering the busi- ness. "The days are over when CIOs had to go begging to make the CEO understand that security is important for the business and not just a cost," says Ram Varadarajan, General Manager, Security Innovation and eCommerce Strategy at CA Technologies. "Business should be viewing security as a true enabler of business — something that will ultimately provide more convenient and reliable services that can grow the business." Yet when it comes to adopting this new approach to security, many organizations still have a long way to go. Last year, 45 per- cent of respondents to a PricewaterhouseCoopers (PwC) security survey reported between one and nine incidents, up sharply from just 25 percent in 2007. The PwC survey reached more than 9,600 respondents — including CEOs, CFOs, CISOs, CIOs and other IT executives — in nearly 140 countries. The survey also found that system exploits rose by more than 35 percent over the previous year, network exploits (including network worms and "finger" services) rose by nearly 15 percent, and "human" exploits (social engineering) rose by 35 percent. Nearly 60 percent of respondents said they had no security strategy or policy for social media whatsoever. That lack of preparation can be expensive. Ponemon Institute, an independent research firm specializ- ing in privacy, data protection and information security policy, estimates that the cost to a typical company of just one compromised record comes to $194. Multiply that times the number of records — a single attack may include thousands — and the losses begin to mount. Worse, says Larry Ponemon, the company's Chairman: "Our recent findings show that security doesn't make the top five of CxO concerns — in fact, not even the top 10." But for CIOs who understand IT security's role in business innovation, the benefits can be large. Axway, a Phoenix, Ariz.-based software and services provider, is working with CA Technologies to provide DropZone™ , a secure file- Other companies are working with CA Technologies to brain- storm business innovations powered by IT security, says Kaine. A large vending-machine company, for one, is in discussions with the solutions provider to transform "dumb" vending machines into what Kaine calls "incredibly smart" ones. Soon, when a thirsty customer walks up to a vending machine, he or she will simply wave a smartphone close to an area of the machine that uses near field communication (NFC) technology. The vending machine will respond by looking up the person's preferences, then automati- cally delivering the desired drink and taking the payment. "This is real Jetsons-type stuff we've dreamed about," Kaine says. "But now it's becoming reality." Mobile Method One major driver of IT security's new role is the proliferation of mobile devices. The culture of BYOD — short for "bring your own device" — raises new security challenges. John Thielens, Axway's CSO, says BYOD is also driving a wave of "reculturalization," challenging IT organizations to reinvent themselves. "BYOD has forced us as technologists to realize we can't focus just on controlling the infrastructure, as we once did," he says. "Now we have to focus on securing the data itself. We have to tap into how and where the data is flowing dynamically, as well as on classifying that data securely." Data is also a top security priority for Ben Tesnar, Director of Enterprise Information Security at CNO Financial Group, a financial services provider based in Carmel, Ind. "The scope of information security should evolve to focus primarily on the data," he says, "and how to protect data across any platform or any channel — and on any device that's located anywhere." That's a lot of variables. Yet in a recent survey of more than 4,600 IT and information security professionals in 12 countries, more than three quarters of the respondents said they sharing service for enterprise customers through Cloud Commons® Marketplace from CA Technologies. DropZone is a kind of secure DropBox for the enterprise. It will let employees cre- ate special folders on their computers, then have those folders automatically synchronized to appear — with the same contents — on the devices of authorized co-workers and authorized external collaborators, complete with both the security benefits of encryption and centralized policy management. Soto and her colleagues at Comcast are helping create a new SINGLE SIGN-ON KEEPS IT SIMPLE Click to read how this access approach secures mobile and online applications, too. believe BYOD is important to achieving the objec- tives of the business. The survey, conducted by the Ponemon Institute, also found that fewer than 40 percent of IT and security executives believe they have the necessary security con- trols in place. cultural mindset around innovation. The company's IT-security experts also contribute to the Idea Factory, an invention and patent program that helps Comcast explore opportunities for innovation — with the support of the business. Soto says this has led to many security-related patents for Comcast, which can help grow the business, including some that will boost the security of game consoles by connecting them to Comcast's mobile and cable infrastructures. "This is a key imperative for us," Soto adds. 10 SMARTENTERPRISEMAG.COM One of the most effective ways to keep data secure is to simply secure mobile devices. One unfortunate aspect of BYOD is that mobile devices are easily lost or stolen. That can give hackers and thieves access to the corporate data and accessibility associated with these missing devices. Identity and access management (IAM) is an enterprise security solution that many believe has huge potential for protecting mobile devices — and the systems they dial into as well. Mobile IAM can help determine whether user John Doe on a smartphone is the same John Doe who is authorized on your system, and whether he is authorized to use the database or system he's requesting. "Strong IAM needs to be flexible enough to cross all physical boundaries where devices and platforms are located, no matter where they are," says Tesnar of CNO. Similar technology is behind several credit-card programs, including Verified by Visa, MasterCard SecureCode and American

Articles in this issue

Links on this page

Archives of this issue

view archives of Smart Enterprise Magazine - Volume 6, Number 3, 2012