Enterprises Need New Security Approaches

March 2, 2006

he threats to corporate security are numerous, complex and unfortunately growing. The need for security has blossomed as our business practices have become more global, more fluid and have increasingly extended beyond the physical walls of the corporation. No longer are discussions about border attacks on a corporate network or worm and virus protection enough when it comes to corporate security. The sophistication and complexity of attacks from hackers are getting harder and harder to deal with. New business models are emerging to drive business growth and improvement in the bottom line, but they bring with them opportunities for new security risks.
Today, in the current global economy, corporations need to be sure they are building a comprehensive security approach that covers physical and logical security threat and processes to manage them. At the same time the expanding definition of identity management and the need to meet regulatory and corporate compliance efforts are forcing business leaders to rethink security. Upside Research believes that it is important for enterprises to have a full understanding of the latest security issues and risks their companies face and to develop an actionable plan for incorporating the necessary security measures to ensure success.
A solid security approach is one that follows a continuous loop of evaluating and assessing security needs, planning and building improved security measures and managing those security programs once they are implemented. Because security is such as fluid, fast-moving area for the enterprise, it is important to understand that a corporate security framework needs to be continually changing and adapting to the changing security landscape. Therefore, building constant feedback and input into the security model will help organizations to keep up with the latest security developments.
IBM Announces Two New Security Offerings Understanding the challenges that many enterprises face on the security front, IBM recently announced the addition of two new products for corporate security. The IBM Information Security Framework is an intellectual asset for organizations to use to build a comprehensive security plan that will address both the business risks associated with specific situations as well as the corporate risk-level and level of comfort for managing those risks. Using the framework, managers can identify what risks they face, and make informed decisions about how to address those risks. The framework helps enterprises identify the capabilities that are necessary to implement and prioritize security efforts, and measures improvements that result from the resulting security initiatives.
Another area of security that many organizations are paying increased attention to is identity management. IBM announced its Identity Management Services, designed to assist organizations in more effectively managing the entire identity lifecycle. Historically, identity management has been focused on managing user ID’s and passwords. However, in today’s fluid business environment, identity management extends beyond password management to enabling businesses to manage their access control from a physical and logical standpoint, incorporating new security technologies that go far beyond the scope of passwords and user ID’s. Additionally, many organizations are grappling with increased regulatory compliance, and they need to create security systems that support the latest regulations. IBM’s Identity Management Services are designed to assist organizations in managing and optimizing the entire identity management lifecycle.
Upside Uptake
Upside Research believes that the right approach to security isn’t just about sinking money in to prevent problems and looking around the next corner for trouble. It’s about understanding, quantifying, and measuring your current level of risk — both from an IT and business perspective – in appropriate areas, and then planning accordingly. Rather than throwing money or products at the problem without really understanding what that problem is, organizations should spend the time to assess their current security risks, and make informed decisions about where they should invest in security measures first. IBM has demonstrated a similar approach to security, and with Information Security Framework and Identity Management Services, customers can effectively assess their risks and act on that assessment.
IBM’s announcement addresses security from a number of critical angles. Because it is focused on the business-related aspects of security, Upside Research believes it does a good job of avoiding the technology trap, where new technologies and services are released for their own sake, rather than being tied to the direct goals of the business.
There is no question that enterprises are struggling with larger security problems, and offering frameworks and services that tie results back to the business goals is an important strategy for IBM to adopt. The framework avoids being too theoretical by providing organizations with a focused way to determine their security status and offering actionable ways they can improve their security. That being said, it still may be overwhelming to some organizations that are not as security-savvy as others. IBM provides an extensive list of products and other partners it works with to assist organizations in overcoming any trepidation. The key for the organization is to be sure to verify IBM’s ability to work with any existing products it has in place already.
The Identity Management Services offer a comprehensive portfolio of capabilities that will benefit a wide range of enterprises. As IBM has reported, many of its customers have been able to utilize the services to perform discrete and independent identity management projects. This is an important distinction to make, and Upside Research believes it is a particular strength of the offering, because it enables customers to target the exact areas where their identity management needs are most pressing.
Offering discrete solutions and components is particularly helpful for those enterprises that may be further behind the entire security curve than others. Tapping into IBM’s expertise in the security area enables those enterprises to adopt a solution that meets their current need but also fits into a larger overall identity management lifecycle, something that is nearly impossible to achieve with point solutions from niche vendors. Additionally, customers can choose whether outsourcing the identity management piece of their security infrastructure makes sense for their situation, and IBM is prepared to provide those services if necessary.
As we stated earlier, Upside Research advocates that enterprises spend the time to understand, quantify, and measure their current level of risk, and then develop an appropriate plan of attack. With its Information Security Framework and Identity Management Services, IBM is an experienced partner that can help overcome many of the security burdens that today’s computing environment presents.

Share

Comments on this entry are closed.

Previous post:

Next post: