Research and Markets: "Information Security: Protecting the Business and Its Information Report" Contains In-Depth Research For 2009

Research and Markets (http://www.researchandmarkets.com/research/4f4a7c/information_securi) has announced the addition of the "Information Security: Protecting the Business and its Information" report to their offering.

CATALYST

The role of Information Security is to protect and support the safe delivery of business operations across all sectors of industry. That simple sounding challenge leads directly into a more complex conversation about what it is exactly that each organisation needs to protect. Business operations constantly change in order to meet evolving operational demands, additional data has to be maintained to sustain new activities, and the latest service and information delivery channels have to be brought on stream to facilitate fresh access demands. The security solutions that each organisation needs to deploy have to be capable of protecting the business from all external and internal threats. This involves securing systems and applications and the information that they hold. It also includes the protection of the vast range of users who require access to those facilities.

KEY POINTS

  • Data assets must be equally well protected from both insider and outsider threats.
  • A balance between value for money from corporate IT security spend and retaining a comprehensive level of business protection needs to be achieved.
  • The protection of sensitive data to avoid regulatory fines, unwanted publicity, and loss of brand value should remain a high business priority.
  • Business collaboration demands that security protection must be capable of operating across corporate boundaries.
  • Shrewd organisations are doing a lot more with their IT security assets than simply maintaining a defensive shield.
  • The components of an integrated security strategy extend to the provision of all forms of business, user, and information protection.
  • The security of endpoint devices involves users acting responsibly, as well as IT-based protection being available.
  • Organisational security policy must integrate consideration of remote endpoint use with all other aspects of security protection.
  • The Web, with its universal information accessibility, has enabled business to cut costs, increase operational efficiency, and deliver 24x7 serviceability, but with this comes a host of new threat opportunities.
  • The presence of unregulated Web facilities, including socially driven Web 2.0 products, is blurring the lines between the core business value of the Web and the unacceptable personal use of corporate resources.

ANALYSIS

Introduction

As IT and its security experts struggle to keep up with the challenges of protecting organisations from a vast range of ongoing threat activity, the operation of the business itself and its users now present some of the most significant areas of risk. Traditionally, the key issues of business protection have focused on securing organisations against malicious-outsider attacks, but now, with more emphasis being placed on the protection of corporate data and customer information, internal threats posed by employees and business partners must come into the spotlight.

Today, information users, and the facilities that organisations make available to them, provide the single largest and least-protected opportunity for data theft and accidental data loss. Poorly managed access controls to corporate systems, lack of regulation over Web usage that allows malware to prosper, and pitifully weak influences over the movement of corporate data between end-user devices all contribute to operational environments where information assets are being put at risk.

Business Issues

The everyday use that is made of Web-based access and communications facilities provides universal information accessibility. It has enabled business to cut costs, supported increased operational efficiency, and delivered 24x7 serviceability. However, the growing presence of unregulated Web facilities, including socially driven Web 2.0 usage, is blurring the lines between the core business value of the Web and unacceptable personal use of corporate resources. This is a situation that cannot be allowed to continue unchecked and one where the security team must be allowed to regain control.

When considering all the communications and information access channels that are regularly used today, a common theme emerges. E-mail and Webmail, open Web access, the use that is made of video conferencing and electronic meeting rooms, and portal-based personalised access to company data are all channels that are driven by an ease-of-use demand on business. Usage is quite rightly determined by time-saving efficiency requirements, but along with these undeniable gains comes a range of threats that strike at the sustainability of the business itself. This includes the requirement to properly control access to sensitive data: a position that needs to be emphatically supported in order to avoid fines for regulatory or legal non-compliance, keep away from unwanted publicity and the perception that the organisation cannot be trusted, and also to address brand-value losses that must remain a high business priority.

The outward extension of business operations, in order to support collaborative initiatives, adds value to the business efficiency paradigm. A significant part of the associated value-add proposition comes from the facility that each of the participating organisations has to see operational information that is owned by their partners. However, within such relationships each collaborating organisation remains responsible for all of the data that it gathers in and owns. Therefore, regulatory as well as straightforward operational responsibility dictates that security protection must be capable of operating across corporate boundaries.

There is no questioning the fact that trading conditions are difficult for all types of organisation, and that there is an obligation to deliver more value while utilising fewer resources. There is little appetite for increasing budgets for additional IT spend across any operational areas, let alone that of security which continues to be seen as a burden rather than as the provider of business continuity, risk management, and regulatory compliance that it should be. As such, a balance between value for money from corporate IT security spend and retaining what many CIOs and Chief Information Security Officers (CISOs) describe as good-enough levels of business protection needs to be achieved. The required goals are to ensure that information-driven, competitive initiatives can continue to be deployed and, where appropriate, businesses can carry on securely sharing information.

Technology Issues

Starting out with the absolute requirement that an organisation's information assets must be equally well protected from both external and internal threats brings with it a recognition that the technology and process requirements to achieve these objectives need to be both wide ranging and comprehensive. They need to be wide ranging because systems, applications, users, and information sources can be required to operate across different locations, geographies, and time zones on an all-day, seven-days-a-week basis, and comprehensive because any identifiable vulnerability is likely to be targeted in the first instance; malware writers and anyone else with an interest in making illegal use of an organisation's data are not looking to break through a hardened security shell if an easier route can be found.

Over the last five years, security experts have consistently spoken about the way that new technology initiatives - Internet access, real-time trading, mobile working, Web 2.0 usage, the list is endless - have continued to undermine the effectiveness of core security technology. Terms such as 'deperimeterisation' and the erosion of corporate boundaries have been used to describe how organisations have expanded and at the same time fragmented the logical borders of their operations. What this means from a pure security perspective is that defence in depth becomes more difficult to achieve. Data that would previously have been securely hidden behind the corporate firewall is being made available to a wider audience. Copies of company and customer files can be downloaded to mobile devices for use in remote locations. Real-time communications channels allow data to be moved around at wire speed.

Butler Group is certain that the answer is not to deploy more protection technology, but recognises that it requires smarter organisations to work more effectively with their IT security assets. The defensive shield still has its place to protect against an increasing range of threats and needs to maintain both signature and zero-day, behaviour-based response capabilities. That notwithstanding, the bigger functional picture for IT security now includes the need for systems protection, data protection, and user and usage protection. It requires business to conform to regulatory compliance mandates which dictate what can be done with specific data types, puts specific responsibilities upon data owners, and demands that users of business systems are adequately protected against data breach activity.

High-profile examples include Payment Card Industry Data Security Standards (PCI DSS) compliance to ensure that the processing of payments is secure enough to prevent fraud through increased controls around data and its exposure to compromise. In the US Healthcare sector Health Insurance Portability and Accountability Act (HIPAA) regulations require service providers to protect electronic transactions in order to keep patient information private. Sarbanes-Oxley (SOX), Basel Capital Accord (Basel II), The European Data Protection Act, and a whole host of other regulations all have protection roles to play as part of their respective mandates.

The impact that all of these new business initiatives, new generation systems usage, and new regulatory demands have is to determine that the components of an integrated security strategy have to conform in providing all forms of business, user, and information protection. The starting point involves understanding the protection needs of the business, its risk profile that is based on the sensitivity of the data that it holds and the user access that it allows, and its end-to-end protection needs. The technology role has to start with the data itself, utilising the ability to discover sensitive data sources and take policy-based user and usage actions - to control which users can access what data, what they are allowed to do with that data, and when and from where access is allowed. The technology imperative involves data, user, and systems protection. It incorporates the use of data protection, Web and messaging protection, network security, endpoint protection, identity management and remote access security, and reporting and security management. The technology that organisations select needs to be effective, flexible, and capable of working in enclosed, collaborative, and also virtual environments.

Market Issues

From recent discussions with CIO- and CISO-level staff, there is general agreement that current difficult trading conditions have not as yet put a stop on existing security projects. However, constraints on spending are putting a real strain on resources, and projects are taking longer to complete. It is also recognised that future project authorisation decisions are slowing, that senior management scrutiny is becoming more intense, and that there is a significantly increased focus on being able to prove business benefits and investment returns.

Overall, future business demands are for general headcount reductions, lower budgets, and a focus on delivering fit-for-purpose security solutions rather than selecting premium-rate, best-of-breed offerings. What this means to the security industry as a whole is an overriding requirement to provide value-for-money solutions. In Butler Group's opinion, the security vendors that can be expected to perform strongly will be those that have already developed integrated technology offerings that go beyond baseline security: security vendors, such as McAfee, Symantec, RSA, Trend, and Websense, that are capable of addressing the key areas of Web and data protection; and vendors such as CA, IBM, Microsoft, and Sophos that already have integrated solutions in place that can be deployed to address core business-continuity as well as protection demands.

Going forward, key security requirements will involve providing the ability to deal with all forms of fraudulent activity, including those driven by cyber-criminals utilising the latest Software-as-a-Service and Fraud-as-a-Service attack approaches, as well as protecting against the growing range of insider threats that proliferate as companies continue to reduce their staffing levels.

As for the security issues surrounding the use of new technology - cloud computing and the issues around virtual computer operations - senior CIOs and CISOs were somewhat scathing about the current hype that surrounds the whole subject area. They consider that better usage and protection definitions are required for software capabilities, standards, and service delivery and have specific concerns in areas such as data protection, resource sharing, and identity management.

The Decision Matrix

The Butler Group Information Security Decision Matrix has been produced to assist those responsible for the organisation's enterprise security strategy, its architecture and components, and product selection. Butler Group conducted detailed discussions and fact-finding exercises with the providers of market-leading security offerings. We then combined this insight with 'User Sentiment' and 'Market Impact' data gathered by Datamonitor to produce the Butler Group Decision Matrix.

In the production of this Report, IT managers, CIOs, and CISOs across North America and Western Europe were asked to rate the technology vendors they deal with against a range of categories, including product quality, customer support, service capabilities, and vertical specialisation. The combination of Butler Group's technology questionnaire with Datamonitor's User Sentiment and Market Impact data puts the reader in a far better position to make a balanced and informed decision when considering their Information Security needs.

The Butler Group Decision Matrix presents a view of the Information Security market based on three factors: Technology Assessment, User Sentiment, and Market Impact. The Decision Matrix offers a snapshot view of the market as it stands today, and indicates those security vendors that, in Butler Group's opinion, organisations should shortlist, consider, and explore. The results of Butler Group's in-depth research are summarised in the table below. Vendors are listed in alphabetical order within each category.

Key Topics Covered:

  • Section 1: Management Summary
  • Section 2: Introduction and Business Perspective
  • Section 3: Data Loss Prevention
  • Section 4: Web Security
  • Section 5: Endpoint Security
  • Section 6: Market Analysis
  • Section 7: Vendor and Product Profiles
  • Section 8: Glossary

Companies Mentioned:

  • Aladdin Knowledge Systems Ltd.
  • BigFix Inc.
  • Bloxx
  • Blue Coat
  • CA
  • Check Point
  • Cisco Systems, Inc.
  • Clearswift
  • Code Green Networks
  • F5 Networks
  • Finjan
  • IBM
  • Juniper Networks
  • Kaspersky
  • McAfee
  • Microsoft
  • PGP Corporation
  • RSA
  • Safend
  • SmoothWall
  • SonicWALL
  • Sourcefire
  • Symantec
  • Tier-3
  • Trend Micro
  • Tripwire
  • Tufin
  • Voltage Security
  • WatchGuard
  • Websense

For more information visit http://www.researchandmarkets.com/research/4f4a7c/information_securi.

Source: Butler Group

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.