More growth, lower costs with security
June 23, 2010
ICT is becoming more mobile and more flexible thanks to cloud computing. At the same time, security and data protection requirements are increasing. Those who do not have a suitable security plan in this area of conflicting interests are not only at risk of suffering a blow to their reputation should it come to the worst, but also of losing revenues on a scale that could ruin their business. But there is more behind the concept of security: It is the basis for role-based identity plans which make staff mobile and link customers and suppliers more closely to the company.
70 per cent of IT break-ins come from inside the company, according to a current study by the Security Forum of the German state of Baden-Württemberg. More than one third of companies had to grapple with a “serious loss in revenue” as a result. But: Only nine per cent of the companies mistrust their own staff, 64 per cent believe an attack from inside to be “impossible.”
In addition, the traditional view of security according to which a company’s internal ICT environment needs only be protected against the outside world, is no longer appropriate in times of increasing mobility and networked cooperation. On the contrary, sealing the IT environment off from the outside world may even be detrimental to business.
Three basic questions on the topic of security
Companies are therefore faced with the challenge of having to protect their own knowledge base while opening their systems enough to allow staff or external partners mobile access to them. Three issues are primarily to be looked at here:
- Business Protection: How can I protect my data, systems and applications?
Malicious attacks must be detected and fought off at an early stage. “ICT Infrastructure Security” from T-Systems protects all networks within the company and connections to the outside world. This makes use of dedicated security solutions such as firewalls, anti-virus systems or Virtual Private Networks (VPN). This aspect of security is called “business protection” because risks to ICT are always also risks to the business. - Business Enablement: How can companies integrate all parties involved in the value-added process without compromising security?
Technologies such as cloud computing allow global access to corporate data. Employees can work when on the move and international company locations, customers and suppliers can be integrated more easily into the corporate network and IT. But external partners as well as employees should only have access to specific data appropriate to their roles. In April 2010, experts discussed this development at the European Identity Conference and Cloud Summit 2010. Martin Kuppinger, security expert and organizer of the events, remarked: “Identity access management has a key role to play in the design of electronic business processes within companies and beyond as an enabler of outsourcing and cloud services.” - Business Integration: How can security become an integral part within the company?
Security should not only satisfy the company’s own needs but also comply with legal requirements. Depending on how many and which international locations a company has, it must obey the relevant local compliance rules. In Germany these include the principles of data access and auditing of digital documents (Grundsätze zum Datenzugriff und zur Prüfbarkeit digitaler Unterlagen – GDPdU) which define exact periods for the digital storage of billing-relevant documents. Furthermore, the security measures implemented must be monitored and updated continually. In addition, companies should examine critically any security incidents that occur and implement appropriate counter-measures.
In the second part you can learn how security cuts costs for the company.
