Balancing the Need for Access and Security in the Age of IT Consumerization
November 21, 2012 Leave a comment
- Trends such as the ‘bring your own device’ (BYOD) movement put more IT power into the hands of end users. However, making IT resources more accessible can significantly increase the risk of breaches.
- Having a handle on data security in what today are extremely porous environments requires more than sophisticated technology; enterprises also need to have the right policies and practices in place to avoid the most prevalent cause of incidents: human error.
Access is everything in IT today, with organizations placing a premium on the ability to tap into enterprise resources from virtually any location and a multitude of different device types. This extensible approach to enterprise IT is meant to support more productive and agile operating models. However, for all the potential value technologies such as mobility can bring to an organization, there is also risk associated with allowing end users and their often unmanaged devices rights to direct entry to critical resources.
Most enterprise IT organizations are keenly aware of the critical need to protect assets from risks associated with the more open and flexible device-centric IT consumption models that are popular today. Even in this era of tightening IT budgets, security spending remains a high priority as organizations try to fill in gaps in their own internal resources with sophisticated security tools and services.
The aim is to find a happy medium that balances the mandate for accessibility and the absolute requirement for effective security. To achieve this, enterprises are leveraging a host of cutting edge technologies that identify vulnerabilities and mitigate risks before they interfere with operations. Relying on techniques such as pattern matching, heuristic analysis, and cryptography, along with advanced solutions such as intrusion detection/intrusion prevention systems or unified threat management, IT organizations are hoping to protect assets without limiting operating flexibility.
As beneficial as many of these technologies and solutions can be, truly effective security starts with having well-thought-out policies that involve IT administrators, line-of-business managers, and end users. Particularly, as organizations adopt more virtual operating models, where end users have greater access to and control over IT resources, it is essential to have the right procedures in place to avoid the most common source of security breaches: human error. Simply documenting these practices is not enough; organizations need to communicate them clearly, educate end users on how these policies apply to them, and enforce their execution. Only then can an organization declare it has an effective security strategy.