Security professionals occupy a unique position in business today, the place where business needs intersect with security needs. They constantly face a tradeoff between high levels of security and an acceptable level of risk in order to create an environment that protects critical information yet enables key business processes.
Unfortunately, security professionals are sometimes viewed as standing in the way of innovative business initiatives, especially when those initiatives open up sensitive corporate data to external users, including mobile employees, partners, and contractors. Security is often seen as an inhibitor to worker productivity. The current economic climate has only increased the finger pointing.
At the same time, many security professionals are frustrated by having to confront a steadily increasing threat environment with no additional resources. After all, when security professionals successfully protect the infrastructure, management doesn’t see the need for additional resources.
This article looks at strategies security professionals can use to demonstrate the ROI for proactively preventing data breaches.
As every security professional knows, in a world where information is everywhere, it’s harder than ever to defend it against targeted attacks and prevent its misuse by well-meaning or malicious insiders.
For one thing, data breaches are rising in frequency and cost. As of October 2009, 403 data breaches had been reported for the year, exposing more than 220 million records, according to the Identity Theft Resource Center. A recent study by the Ponemon Institute fixes the average cost of a data breach at $6.7 million.
While management perceives external threats as the primary focus of IT security activity, insiders now pose the biggest threat to data. Lost and stolen laptops, portable storage, layoffs, inefficient business processes, and outsourcing all increase the risk of data loss. Well-meaning insiders continue to account for the bulk of data loss incidents: 88% of all data loss incidents are caused by insiders such as employees and partners, according to the Ponemon Institute. Another Ponemon Institute study found that 59% of employees who lost or left a job admitted to stealing company data.
While organizations are increasingly focused on blocking external threats, it’s clear that more needs to be done to prevent sensitive information from leaving an organization. That’s a message that business management needs to hear right away.
Managing internal threats to information is one thing. There’s also the challenge of managing all of the new computing devices that are accessing the network. The typical enterprise today contains a steadily increasing number of smartphones, flash drives, PDAs, laptops, tablets, and desktops. Symantec estimates that four out of five companies have lost data through laptops, and half of all companies have lost data through USB drives.
In general, security teams have responded to this development by adopting what can be called a scattered approach, drawing on various point solutions from different vendors. But a scattered approach to enterprise security is problematic. It’s costly to implement, complex to manage, and not as effective as it could be.
Instead, enterprises need to create a protected endpoint and messaging environment that is secure against today’s complex malware, data loss, and spam threats, and allows quick system and data recovery in the event of failure. It must enable organizations to reduce the cost of securing their environment and more effectively manage the risks inherent in today’s IT infrastructures with proven endpoint, messaging security, and system recovery technologies. Ultimately, an effective IT security strategy needs to reduce complexity, secure completely, and enable business to move forward.
Symantec Protection Suite Enterprise Edition provides advanced threat prevention that protects endpoints -- laptops, desktops, servers, and mobile devices -- from targeted attacks and attacks not seen before. It includes technologies that automatically analyze application behaviors and network communications to detect and block suspicious activities, as well as administrative control features that allow organizations to deny specific device and application activities deemed as high risk. Symantec Protection Suite Enterprise Edition gives IT professionals the peace of mind to know that only approved devices can connect to the network.
Managing and protecting every device in an enterprise isn’t easy. But an enterprise puts itself at risk if its IT organization lacks the visibility to protect the business’ sensitive information, wherever it may be. Such visibility isn’t possible with a patchwork of security point products.
Increasingly, smart companies understand that preventing data breaches involves taming the complexity of their IT infrastructure.
Think about it: Today’s enterprise infrastructure is a hive of heterogeneous technologies. There are servers supporting a wide range of operating systems, storage, and hardware from multiple vendors, scores of unique applications and databases, and tools from numerous vendors.
In fact, the latest Symantec State of the Data Center Report, released in January, finds that data center complexity is at an all-time high, with a host of new technology initiatives keeping IT managers busy. Changes to the network fabric, increasing applications, and more demanding SLAs are combining to make life difficult for data center managers.
But as IT managers worldwide have learned, heterogeneity exacts a price: A customized environment that has been created to meet specific business requirements is complex and expensive to manage.
It’s also more susceptible to attack. Traditionally, enterprises have tried to address their security risks with multiple “best of breed” security products from multiple vendors. But the lack of central visibility and process control across technology silos has become a major challenge. So despite significant investments in security products, many organizations remain at risk from data breaches and targeted attacks.
Smart companies simplify their security management by deploying fewer products with more capabilities. And they’re standardizing their IT environment, systems management tools, and configurations to improve operational efficiency while reducing cost, complexity, and downtime.
As Deepak Mohan, senior vice president, Information Management Group at Symantec, puts it: “Standardizing on cross-platform solutions that can manage new technologies and automate processes will drive immediate cost reduction and make their jobs easier in the long run.”
Bottom line: Preventing data breaches requires multiple solutions that work together to solve the problem. This means much more than defense-in-depth. It means that the solutions you deploy – whether to monitor information, protect endpoints, check technical controls, harden core systems, or provide real-time alerts – must be integrated to create a centralized view of information security so you can make correlations and discover root causes quickly and decisively.
Security professionals can sometimes feel under-appreciated by the “business.” The single data breach that gets through attracts all the attention, not the ones that were blocked. There’s the seemingly endless challenge of doing battle with threats -- both internal and external -- that are constantly changing. Meanwhile, the growing number of devices in an organization means having to be perpetually on the lookout for where the next threat may come from. And data center complexity is getting worse.
Symantec security solutions enable enterprises to protect information proactively, respond rapidly to threats, automate compliance processes, and simplify security management to improve both efficiency and effectiveness. Ultimately, Symantec enables enterprises to create an operational model for security that is risk-based, content-aware, and responsive to threats in real time.