Holistic Security: Protecting the Entire IT Infrastructure

By Bob Violino

Information security attacks are becoming moresophisticated and are coming from a growing number of sources. At the sametime, more workers than ever are using mobile devices to access corporate data,and social networking and cloud computing continue to gain traction in theenterprise.

These trends are settingoff alarm bells forIT, security and risk management executives regarding thesafety of information assets. Never before have organizations faced suchcomplex information security challenges.

For many companies, the solution to addressingvulnerabilities is to implement an end-to-end, or layered, defenseso that all key elements of the IT infrastructure are protected against avariety of threats. In addition to a layered defense, enterprises aremaking security the business of everyone in the organization?it?snotjust IT?s problem.

Whilethe biggest concerns with security are typically related to criticalinfrastructure, monetary systems, intellectual property, and individual financial andprivate records, attackers can?and do?go after virtually any type ofinformation.

?Thereis nothing we do that is not digital in nature, and all aspects are importantto someone,? says Hord Tipton, executive director of the InternationalInformation Systems Security Certification Consortium Inc., (ISC)?, anot-for-profit organization in Vienna, Va., that provides education andcertification for information security professionals.

Thereason a layered approach to security is vital is that individual layers ?don?thave to be perfect, provided you have enough layers, because each layer coversthe shortcomings of the others,? adds RogerThompson, chief emerging threats researcher at ICSA Labs, a Mechanicsburg,Pa., firm that provides testing and certification of security products.