RSA Is Not Alone

By Lawrence Walsh  |  Posted 2008-04-30

The game is no longer about keeping the bad guys out. It is about putting risk in a business context.

And RSA’s not the only vendor thinking this way. Hewlett-Packard, a company known more as a platform player than a security company, is pushing its security alliance, allowing for greater integration of security technologies with its heavy hardware and software applications.

“Instead of being a security player and extracting another buck from the customer, we want to give the enterprise back their management and back-end infrastructure with greater efficiency,” says Chris Whitener, chief strategist for HP’s Secure Advantage program.

Even Microsoft—the company most reviled for the security problems in its products—is probing deeper into the security world with its Forefront line of malware and endpoint defenses that (hold the laughter please) rely on Windows Vista and Windows Server 2008 as a “trusted platform.”

Arguably, these vendors—and the many others mirroring their actions—are looking to achieve relatively the same net result: making security more transparent to the end user and more manageable to the enterprise. But, as Coviello agrees, the problem isn’t just the way technology is deployed and implemented; it’s just as much about how the enterprise views and manages risk.

Security has evolved from the point at which everyone tried to make their enterprises impervious to attack and breaches. Just five years ago, an enterprise would passionately deny suffering even a malware infection on desktops.

Today, there’s open acknowledgement that there’s no such thing as perfect security and that a breach will happen in time. The game is risk mitigation, not risk elimination.

Many security professionals credit regulatory compliance with raising security awareness in the enterprise. But compliance and security are often two different things. The recent security breach at Hannaford supermarkets proved that compliance is no guarantee of breach prevention.

If business is to take advantage of the opportunities created by innovation, the enterprise—not the security or IT vendor—must refocus its security mindset on strategic risk management. That means putting risk into a business context.

Just because you’re at risk doesn’t mean you’ll be breached; just because you’ve been breached doesn’t mean you’ve been compromised; and just because you’ve been compromised doesn’t mean you’ve lost anything of value. Once a value is placed on your enterprise’s data, processes and infrastructure, your security and business executives can make sound decisions on what to protect and what can be sacrificed.

Perhaps then, the 80 percent innovation-avoidance number will start to come down.

Lawrence Walsh is editor of Baseline magazine, overseeing print and online editorial content and the strategic direction of the publication. He is also a regular columnist for Ziff Davis Enterprise's Channel Insider. Mr. Walsh is well versed in IT technology and issues, and he is an expert in IT security technologies and policies, managed services, business intelligence software and IT reseller channels. An award-winning journalist, Mr. Walsh has served as editor of CMP Technology's VARBusiness and GovernmentVAR magazines, and TechTarget's Information Security magazine. He has written hundreds of articles, analyses and commentaries on the development of reseller businesses, the IT marketplace and managed services, as well as information security policy, strategy and technology. Prior to his magazine career, Mr. Walsh was a newspaper editor and reporter, having held editorial positions at the Boston Globe, MetroWest Daily News, Brockton Enterprise and Community Newspaper Company.
