A winnable war?
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
How can the battle to secure the infrastructure be won?
The battle to secure the enterprise has come to resemble an arms race: the latest technologies to combat threats give rise to new forms of attacks and malware. And some combatants are losing hope of ever winning the war.
"I used to boast to CIOs from other foreign offices about how we were the first to bring Internet access to every desktop. Now we've decided to stop it," says Eric Perkins, head of IT security at the UK's Foreign & Commonwealth Office (FCO). "We are probably losing the battle."
Curtailing Internet access is an extreme response, and one that may be a step too far for many organisations. But that leaves the thorny question of how to cope with the deluge of new threats that an Internet gateway opens up. The level of threats - and the demand that places on the IT function - is reaching the stage where new approaches need urgent consideration, says Richard Cross, information security officer at Japanese car giant Toyota. "We have to find a better solution pretty quickly."
Inevitably, part of the solution was to invest in employee awareness, adds Cross. "It's not about technology. You must persuade people of the value of the information they use and make them aware of the risks."
Cross remains unconvinced by one new approach: "Right now, deperimeterisation would not work. There a lot of things that need to happen first, so let's not jump in too quickly."
"Even if we do eventually use deperimeterisation, we would still need to think about security in terms of people, processes and technology," adds the FCO's Perkins. "Technology will always be the last consideration."
Nonetheless, the current pressure to deliver secure applications to the business has forced organisations to consider technologies that would otherwise have been regarded as too 'specialist', says Nick Kingsbury, global head of software, at technology venture capitalists 3i. "Digital rights management might have seemed like too much aggravation. But businesses are re-evaluating those types of technologies."
Many organisations have been quick to ramp up investment in IT security on the back of the volume of compliance regulations handed down by law makers. And while some businesses are able to comply with little effort, for those already struggling to get a grip of security issues, it is another burden, says Brian Whitaker of business service management vendor BMC: "The obligations of compliance are good for the company, if the processes in place are already mature. If they are not, we tend to find that compliance puts further strain on those processes."
Compliance regulations have also increased executive awareness of security issues, but this can be a double-edged sword, warns Toyota's Cross. "There is a correlation between the top down drive for a project, and the superficiality of the solution," he said. "Senior management involvement focuses issues, but they may push in unwelcome directions."
But while security continues to present a challenge, progress has been made, for example in combating viruses. "This is an example of an industry that has got its act together," says Cross. There is hope.
