Holistic Security: Protecting the Entire IT Infrastructure
By Bob Violino | Posted 2012-03-13
Enterprises need to deploy a layered defense and make data protection everyone’s business.
Information security attacks are becoming more sophisticated and are coming from a growing number of sources. At the same time, more workers than ever are using mobile devices to access corporate data, and social networking and cloud computing continue to gain traction in the enterprise.
These trends are setting off alarm bells for IT, security and risk management executives regarding the safety of information assets. Never before have organizations faced such complex information security challenges.
For many companies, the solution to addressing vulnerabilities is to implement an end-to-end, or layered, defense so that all key elements of the IT infrastructure are protected against a variety of threats. In addition to a layered defense, enterprises are making security the business of everyone in the organization—it’s not just IT’s problem.
While the biggest concerns with security are typically related to critical infrastructure, monetary systems, intellectual property, and individual financial and private records, attackers can—and do—go after virtually any type of information.
“There is nothing we do that is not digital in nature, and all aspects are important to someone,” says Hord Tipton, executive director of the International Information Systems Security Certification Consortium Inc., (ISC)², a not-for-profit organization in Vienna, Va., that provides education and certification for information security professionals.
The reason a layered approach to security is vital is that individual layers “don’t have to be perfect, provided you have enough layers, because each layer covers the shortcomings of the others,” adds Roger Thompson, chief emerging threats researcher at ICSA Labs, a Mechanicsburg, Pa., firm that provides testing and certification of security products.