Balancing security priorities with business flexibility and agility is a tough challenge. But it’s a challenge every executive management team faces as it strives to drive business growth, achieve competitive advantage and maximise operational efficiency.
Security breaches mean lost IP, compromised customer information and confidence, and valuation impact. For those responsible for setting security strategy and operating policies, there is temptation to do whatever it takes to reduce risk. But if you simply restrict the business, you hamper business innovation.
As business environments change, security infrastructure must change to enable business success. Whether you’re operating under increased risk from advanced targeted attacks; or transitioning to the cloud; or using mobile devices for productivity, agility and efficiency, the end result is the same: you need to adapt your security infrastructure in lock-step. You can’t afford to leave gaps in protection that today’s sophisticated attackers exploit. At the same time, you can’t keep adding complexity with disparate security solutions that don’t work together.
Adapting to changing business conditions
So what can you do as a cyber security professional to enable the enterprise with the flexibility and protection it needs to move forward with minimal risk? You need a security approach that fits and adapts to your changing business environment.
Here are a few questions to ask vendors when determining if a solution will offer you choice, flexibility and effective protection in the future.
1. Can I access security solutions in a way that meets my business objectives? Even if you don’t need all the options beginning day one, the solutions should be available as physical, virtual, cloud and managed services offerings. Hardware, software and services form factors should work together seamlessly and be transparent to the user.
2. How do you support integration with other, complementary solutions and to what extent? Most approaches to integration let you gather data from various sources at a point in time and analyse it, but typically can’t correlate and translate that data into actionable intelligence. A tightly integrated enterprise security architecture lets you enforce security policies across control points, even without manual intervention, so that you can contain and stop damage and prevent future attacks.
3. What type of deployment flexibility do you offer to expand solutions to address new attack vectors and threats as they emerge? Being able to deploy additional security functionality as needed (for example, next-generation intrusion prevention, application control, next-generation firewall and advanced malware protection) as part of an end-to-end security architecture offers flexibility to meet security needs today and into the future. If this functionality is available via software enablement versus buying another appliance, then provisioning and management is more efficient and requires fewer resources on your part.
Attracting and retaining top talent
There’s collateral benefit to ensuring your organisation is protected as it evolves: attracting and retaining cyber security professionals. Being part of a security team that is focused on protecting the latest business models with technologies that address new attack vectors and sophisticated threats is attractive to join and hard to leave.
Supplementing these technologies with regular training and certifications is a must. Ongoing professional development not only gives security staff the opportunity to keep their credentials up to date, but also ensures that you are getting the most value from your security investments with a team that knows how to optimise these technologies for maximum-security effectiveness.
Selecting an approach to security that offers the flexibility to adapt to your changing business environment lets you better protect the business while enabling innovation and change. Those technologies can also become an important advantage in recruiting and keeping talent. With the right approach in place you can foster a security environment that satisfies everyone – from the boardroom to the break room.
Ammar Hindi is managing director, Asia Pacific and Japan at Sourcefire, now a part of Cisco.