The need to protect data and information
As an industry we have done a very good job of defining a secure infrastructure. While there are challenges in each enterprise when it comes to implementing and maintaining it, there is an excellent framework that every organization can work toward.
Even though the game is changing, many in the industry have continued to embrace the concept of a secure infrastructure and have tried to evolve it to fit the new security paradigm facing the industry. This evolution has consisted of trying to emulate the secure perimeter in a world where that perimeter is increasingly fluid and can change very quickly. The introduction of numerous portable devices and access methods create what might be described as a variable perimeter. This variable perimeter has been extremely difficult to define and even more so to implement, maintain and adapt with constant change that is more the norm than the exception in today's business climate. Add to this the ever-changing mix of customers, business partners and suppliers and the fact that at any given time an organization can have all of these relationships with another organization, leaves us with the inescapable conclusion that it is the information that needs protection, not just the infrastructure that houses and transports the information throughout its lifecycle.
When those of us who have been in the industry for many years came to this realization, some earlier than others, it was an epiphany to be sure. Once over the initial shock, a natural question for a security practitioner might be to ask "How in the world do I do that?"
Before we can develop an intelligent answer to the "how," we need to have a better definition of the "what" and the "where" in this new reality. Information leakage has been happening for years and is not a new issue. What is different now is that there are a lot more people seeking to acquire information through illegitimate means. There are a lot more methods by which this can be accomplished and there are more regulations requiring organizations take the proper steps to keep this information leakage under control. Lastly, there are an ever increasing array of penalties and consequences for those organizations unable to or unwilling to comply. These trends will continue, so it is in everyone's best interest, except of course "the bad guys", for the industry to evolve with the times and get in front of this issue sooner than later.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.