Protecting information today for a secure future
Enrique Salem, president and CEO, Symantec
The consumerization of IT and trends such as cloud, virtualization and mobility are changing the way we do business. The lines between business and personal life continue to blur as we move towards constant connectivity. It's not just technology that is impacting the way we do business; it's also the expectations and behaviors of today's Digital Natives.
Digital Natives, born in the 1990s, have never known a world without Internet connectivity and mobile devices. They are used to immediate online social interaction and collaboration. As this new generation enters the workforce, they bring with them a new way of working combined with a different perspective on technology. The way we do business, collaborate and secure our information is changing, because it has to.
The future of business is right in front of us. It is virtualized, in the cloud, mobile and constantly connected. Yesterday's enterprises were locked down and secure. Today's enterprises are open, distributed and far less secure than they need to be. We no longer control devices, public and private cloud use is increasing, and we don't know where our data resides. We have to find a way to adapt to these changes without compromising security.
We know the “lockdown” approach no longer works. Using the cloud to store information and enabling mobility for employees creates many benefits for enterprises, such as enhanced productivity, increased convenience and lower support costs. In addition, the lockdown approach stifles all the creativity and innovation that the Digital Native generation brings. When this generation needs a solution, they have a vast network of resources they use to find the answer. In a locked-down enterprise environment, all of those resources are closed off to them. Finally, this approach is not foolproof. Employees are already finding workarounds, whether it's storing company files on Dropbox or consulting their Twitter networks for the answers to work-related questions.
If we want real protection in this new workplace, we need to let go of the lockdown mentality and rethink the way we secure our enterprises. If tomorrow's generation will be “wired for social,” then today's environment needs to be “wired for security.” To do this, we need to create an additional layer of information protection. Symantec has been focusing on securing the new workplace with a new secure ecosystem, and our recent initiatives are moving us steps closer to creating this new level of protection for the world's information.
We will still need to deliver the Triple A (authentication, authorization, audit), but do this in a new way. There are a few key things that this new layer will need to have to protect information in the new workplace:
- First, information protection will need flexible, expanded and pervasive identity management. It will need to include simplified sign-on, single sign-on, access control, user management – across all cloud services. It should have the ability to watch the outbound flow of data, work with existing identity management solutions, and be able to turn off easily when someone leaves the company.
- Second, the new workplace demands a new type of information security and access control. It will need a new control point via a software gateway that recognizes identities and controls for every piece of data that moves in and out of the enterprise.
- Third, it's not about the device, but the organization and classification of data. When an organization watches the outbound flow of traffic, it needs to look at it file by file and be content-aware, intuitive and policy-based with the ability to block when necessary or force encryption – all without getting in the way of business.
- Next, a new auditing system with full visibility into the flow of information and people will be important. We need to be able to record all access and information security events, while monitoring the interactions between people and information to provide consistent visibility across internal and external IT resources.
- And lastly, we need to ease the administrative burden involved. This new approach needs to be enforced by a broader policy, be able to learn and adjust, and be transparent, but always active so we always know what information we have and where it's going.
The approach outlined here is critical, but it's not enough. Advanced persistent threats have become more targeted and the new generation of workers assumes their connected world is safe. To protect against threats, we need advanced persistent protection, which is built on four things:
- A reliable early warning system that lets us know when new threats or attacks are on the horizon
- State of the art protection that recognizes threats without impacting the user unnecessarily
- Fast remediation solutions that move faster than the threats
- And a response plan for how to react when threats do happen – the response may be internal or could require outside resources, including law enforcement
Enrique Salem is the president and chief executive officer of Symantec.