Forum Discussion

Fabiano_Pessoa
13 years ago

IT security policies need to change

Mobility, cloud and the advance of social networks are making the traditional rules obsolete, say industry leaders

IT and information security managers will not be able to directly control or adequately protect company data in the coming years. The warning comes from industry executives attending the RSA Conference 2012, being held this week in San Francisco (USA).

The confluence of cloud computing, mobile technologies and the consumerization of IT is driving big changes in how corporate data is accessed, used and shared.

Instead of trying to fight this movement and the change in data management, companies should adjust to the new environment in a safe and practical way, the executives advise.

"We need to rethink how to protect the company," said Enrique Salem, president and CEO of Symantec, who was one of the keynote speakers of the conference, which began on Monday (27/2) and closes on Friday (2/03).

"We have to stop saying 'no' and try to form a partnership with our user community to enable safe access to new technologies and social media tools," says the executive.

Salem notes that many of the current rules on security in enterprises should be discarded. "In this new world, we cannot control the device," he says.

Company data is increasingly accessed and shared through means over which companies have little direct control, such as personal mobile devices and social networks used by employees, and services hosted by cloud providers.

"With the expanded use of public and private clouds, we do not know where our data resides or when it is accessed," said Salem.

Security models that focus on traditional network perimeter controls do not work in the new IT environment, the CEO of Symantec stresses. Companies must begin to implement controls that can authenticate, authorize and monitor user access through new approaches.

Instead of having only firewalls to prevent malicious code from entering the network, businesses should start adding controls that can keep their critical information protected, said Salem.

"For the first time since the dawn of IT, consumers and experienced employees are adopting technologies faster than companies can absorb them," says Art Coviello, president of RSA, the security division of EMC.

Protection of large volumes of data

The ramifications of the trend are significant. "IT must learn to manage what you cannot control directly and learn to protect what cannot anymore," says Coviello.

Over the past 10 years, he noted, data volumes, data access speeds, the use of mobile technologies and social media tools, and risk levels have increased by several orders of magnitude.

"If Facebook were a country, it would be the third largest on the planet right now," compares the executive of RSA / EMC. Protecting corporate data in the new environment is much different from what current security models allow, he added.

Scott Charney, vice president of Microsoft's Trustworthy Computing initiative, emphasizes that good security in the current scenario should be based increasingly on the ability to manage and analyze large volumes of data. "It's very important to understand that we are moving to the internet of things," he says.

As users begin to access corporate data from mobile devices and other channels, the security manager must find a way to deal with an avalanche of information related to devices, cloud infrastructure, data and geolocation sensors, Charney said.

Patricia Titus, chief information security officer at Symantec, argued that, although many processes need to change, some things about the security of the company remain the same.

"Governance has not changed much. I still have to keep up the basic cybersecurity," such as patching and installation of antivirus tools. "These ingredients are essential and security managers should not ignore such measures," says Patricia.

"The security job is the same, but now we have an additional layer of complexity," says Patricia.

Source: ComputerWorld