The emergence of new mobile devices such as smartphones and tablets and delivery models such as cloud computing and Web services are rapidly changing the enterprise security environment. Add to that the bucket loads of big data being generated, and the burgeoning digital workplace that provides a number of points for data to "leak out," and this much becomes clear: If breached, your organization could suffer irreparable damage to its operations and reputation.
Enterprise security management strategies are evolving rapidly with these changing circumstances. While information must be readily available to employees and customers, it must also be protected from those who shouldn't have access to it. It's up to the CIO to stay on top of these various security scenarios and counter the threats that could make or break an organization. This enterprise security management primer provides IT executives with information on assessing their security readiness, strategizing the steps needed to secure their networks and planning for any breaches that might occur.
Table of contents:
Why cloud service providers can help with enterprise security management
Should cloud service providers also be security and compliance coaches? The idea is not as strange as it might sound, and could save headaches on both sides down the road, some industry experts and insiders say.
Doug Barbin, a principal at BrightLine CPAs & Associates Inc., a Tampa, Fla.-based assurance and compliance advisory firm, said there's often a disconnect between what cloud service providers actually provide in terms of security policies and maintenance and what the customer ultimately is responsible for handling on its own.
"In these virtualized environments ... a [virtual machine] may have a standard Windows implementation; the machine is passed over to the customer, who has administrative access to that VM," Barbin said. It's at this "customer handoff" that the answer to who is responsible for things like maintenance and patching is left a very gray area, he said.
Learn more about why cloud providers should coach enterprises on security matters .
A video guide to managing IT risk
Enterprise security management isn't easy, but these videos can help get your IT organization on the right track.
Enterprise security roles proving tough to fill
The past three years were difficult for information security organizations: Threats continued to escalate, IT environments grew increasingly complex and the availability of resources to address these problems failed to keep pace with need. Thankfully, good news is on the way. Forrester Research Inc. is witnessing an early trend, arising in sectors such as the pharmaceutical and petrochemical industries, of increased information security spending. Of the three main areas where organizations will invest -- staffing, skills and technology -- staffing will present the greatest challenge to security leaders.
Despite the economic downturn and increased unemployment rates across IT, finding the right people for an information security team has become increasingly difficult over the past three years. This is a worrying trend and one that is only likely to escalate as austerity recedes and demand for quality staff increases.
Building an effective enterprise security management team requires myriad roles and skills, with a scientifically precise balance of technical and business understanding, threat insight and risk expertise. Such a balance requires the careful selection and development of individuals together with a fair amount of strategic planning and creativity.
Learn more about how to find enterprise security specialists .
An enterprise security management specialist can make mobile strategies sing
Businesses can no longer dictate the devices they support or maintain veto power over employee-owned devices. Seventy-seven percent of smartphones used at work are selected by an employee, and 48% are chosen without regard for IT support.
So what's an IT department to do to effectively support mobile operations?
We certainly don't think you should give every employee a smartphone, so you'll need individuals in your IT organization to step up and evolve their roles from back-office technologists and policy cops to business enablers. A cost-effective, lightweight approach to mobile management will give employees a productivity boost. Today, it's access to email, contacts and calendars; tomorrow, it will be access to apps for the sales force and specific lines of business.
Read the full tip to find out how mobile devices affect enterprise security .
IT security issues quiz for CIOs: Test your knowledge
IT security risk management issues are a top priority for today's CIOs, with security and compliance knowledge among the most sought-after CIO skill sets. The safety of company data, transactional records and client information is of paramount importance, especially as open source software, cloud services and bring-your-own-device (BYOD) technologies gain more prominence in the enterprise. As a result, many organizations are taking another look at their IT security policies, detailing potential risks and planning for business continuity and disaster recovery.
Our CIO interviewees and expert IT contributors have brought you advice on how to avoid system failures, dodge site outages, protect data and more. So, what have you learned about IT security and risk management issues and -- most importantly -- how to avoid the worst of them? Review some of our recent coverage and take this quiz to find out how much you know.