Information security goes mainstream
Weak link in security—the supply chain
Information sharing is the norm rather than the exception today, both among employees within an organization and with outside organizations. Along with mobile devices, the supply chain is a point of vulnerability. “Once supply chain information leaves your organization, you don’t know what is being shared and what is being protected,” says Durbin of the ISF. “Tracking it is a massive task and has often been managed by departments well outside of IT, such as procurement.”
It’s not just information about material goods that enters the supply chain; intellectual property associated with the products also goes to third-party suppliers. “Information, such as patent data or formulas for pharmaceuticals, is shared with lawyers and accountants,” he says. Analyzing the risks to information in the supply chain can help focus resources on mission-critical data. In addition, Durbin advises companies to work with their vendors to ascertain how they are protecting information, and to consider putting security requirements into the contracts they write with suppliers.
From critical to core
Achieving the right balance between business needs and information security requires a fundamental shift in attitude, according to Suni Munshani, CEO of Protegrity. “Rather than thinking of data as something they own, business owners need to come to terms with the fact that they are custodians of data that needs to flow and be managed,” Munshani says.
Protegrity’s products focus on encryption and tokenization, to secure the data itself rather than the network environment. “Tokenization provides visibility to the flow of data without putting the data at risk,” Munshani explains. “Data is not just critical to business; it is core, the essence of a company’s function. It tells the company when a particular individual will be going to a store, for example, and what they will want to buy when they get there, so the company can generate the right offer.”
Big data is a major part of that flow, and the more customer data that is out there, the more it needs protection. “As big data gathers momentum, incorporating security into planning and processes in the early stages of a project will become more important,” Munshani says. A new product called Protegrity Avatar for Hortonworks is designed to secure individual data elements while managing and monitoring the data flow in Hortonworks, an enterprise Hadoop data platform. “The big data revolution is just getting started,” adds Munshani, “and will present major security challenges if its data management is not carefully planned.”
Putting the security puzzle together
In most cases, organizations need to deploy more than one security solution, because the threats are many and varied. “Most companies use a best-of-breed strategy,” says Packer, “picking out the strongest solutions for their needs.” But does any one person see the big picture? “I’d like to say there is someone doing this,” he says, “but even within the IT department, there is a lack of understanding of all the pieces and how they fit together.”
Whether defending their website from intrusions, keeping applications running or protecting data elements, organizations are faced with an increasing number of threats and a complex security environment. Awareness at every level of the extended enterprise will be essential to minimizing the adverse impact of security incidents.