Flexicurity – The Balance between Business Security and Business Flexibility
The balancing act of a CIO is between business security and business flexibility. Too low or too high security and it turns out to be high on the threat factor or high on unproductivity – the result of inflexible blanket policies. So CIOs are after Flexicurity – the perfect balance between security and flexibility.
And Identity has everything to do with achieving Flexicurity.
That’s because threatscape has changed. External threats are targeting the individual user for financial gain – it’s organized crime out there; as for internal threats, employees, former employees, partners, suppliers and customers are making up the bulk of it, having their finger in 83 % of insider threats, according to IDG. Hackers constitute just 33 %. The data overlap is because there are times when both are involved – eg., when an insider falls victim to a hacker’s attacks.
So today, guarding your network is not a question of guarding your walls, but of knowing your users and controlling them from within. Considering that security incidents led to financial losses in 42 % cases and intellectual property theft in 35 % cases in the same survey, it is cause for serious concern.
And then there are regulatory compliance requirements which require strict access control mechanisms and audits. On the enterprise front, branch offices require as much security as the head office does to control security incidents. And that can be an expensive affair if one tries to replicate the head office security infrastructure. Integrated security appliances are the solutions for remote offices in particular and in many cases at head offices too, but one needs user visibility into branch activity too.
So identity has become the fulcrum that can balance business flexibility and security. Without identity, one ends up laying down blanket policies that are too strict or too lenient. And IP address-based reports, it is like searching for the needle in the haystack. With user identity in place, administrators can not just create policies based on the user’s work profile and hierarchy, but also view reports with the username. That gives a complete and instantly actionable picture of activity and threats.
This reality is what we are presenting at the IDG conference - CIO–09 The Year Ahead from 21-24 November in Singapore.
And Identity has everything to do with achieving Flexicurity.
That’s because threatscape has changed. External threats are targeting the individual user for financial gain – it’s organized crime out there; as for internal threats, employees, former employees, partners, suppliers and customers are making up the bulk of it, having their finger in 83 % of insider threats, according to IDG. Hackers constitute just 33 %. The data overlap is because there are times when both are involved – eg., when an insider falls victim to a hacker’s attacks.
So today, guarding your network is not a question of guarding your walls, but of knowing your users and controlling them from within. Considering that security incidents led to financial losses in 42 % cases and intellectual property theft in 35 % cases in the same survey, it is cause for serious concern.
And then there are regulatory compliance requirements which require strict access control mechanisms and audits. On the enterprise front, branch offices require as much security as the head office does to control security incidents. And that can be an expensive affair if one tries to replicate the head office security infrastructure. Integrated security appliances are the solutions for remote offices in particular and in many cases at head offices too, but one needs user visibility into branch activity too.
So identity has become the fulcrum that can balance business flexibility and security. Without identity, one ends up laying down blanket policies that are too strict or too lenient. And IP address-based reports, it is like searching for the needle in the haystack. With user identity in place, administrators can not just create policies based on the user’s work profile and hierarchy, but also view reports with the username. That gives a complete and instantly actionable picture of activity and threats.
This reality is what we are presenting at the IDG conference - CIO–09 The Year Ahead from 21-24 November in Singapore.
Labels: External Threats, Identity-based Security, Insider Threats, Network Security
posted by Harish Chib at
2:20 PM
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
Links to this post:
Create a Link
<< Home