In a recent TechCrunch article, “Just Like Everything Else In The Enterprise Space, Security Is About To Be Disrupted,” the author argues that the momentum of change in enterprise technology will roll over this space as well. I’m going to tell you why simply shopping for a security vendor may not be enough.
The good old days
It was easy to lock down access when the organization owned everything inside the walls. Heck, before the Internet it was just a matter of securing the doors and windows. So much has changed. In most enterprise environments you have people:
- Working from home and the road
- Using their own mobile device and even laptop
- Storing information in the Cloud, and
- Putting sensitive data into Software as a Service (SaaS) applications
We can’t put the cat back in the bag on these issues. We’re just going to have to learn to live with them and choose our partners carefully.
Big, bad world
Beyond our users, there is a significant (and worsening) problem with the behavior of those outside the organization. They’d like to get in, steal data, make a statement, you name it. An appliance approach won’t work, and VPNs and firewalls aren’t enough.
Frankly, those who would do nefarious things are growing in number and learning faster than the cyber police that provide protection for the enterprise. Think of Spy versus Spy without the two being equals.
And security vendors aren’t solving the problem. There are small startups that solve parts of the problem and established players that can’t move quickly enough to counter both threats and user needs. This is where things get interesting.
In this tough environment, there are things an organization can and should do. The discipline is known as Security Information and Event Management, or SIEM, and it is no longer enough to check reports and diagnose a security problem long after the data has left the building.
Rest assured, I have an answer. I’ll call it my real-time security cake. Start with a base of super-fast information connectivity under a layer of Big Data from network, database and application log files. Add a generous helping of analytics, pattern recognition, event management and response workflow.
Such a system looks for vulnerabilities and threats by pulling in large amounts of historical information, correlating and analyzing it, monitoring constantly for potential threats, and alerting systems and people at the moments that count.
The icing on this security cake is a way to track compliance and ‘score’ the ability of the system to do what it is designed to do. There also needs to be a clear and effective way to handle the ‘oops’ moments. Auditors expect it and the public is unforgiving of an organization that is caught napping.
Baking it just right
This isn’t an easy thing. Too many alerts and vigilance drops. Too much information drowns out meaningful insight. Getting the balance right probably takes experts who’ve done it before.
Where things stand today, we can either put our heads in the sand or get started making the enterprise as secure as possible. It will be your gift to your organization.