Over a year ago, IBM began a global conversation about how the planet is becoming smarter with an increasingly instrumented, interconnected and intelligent infrastructure. There is an explosive growth of data that is collected about virtually every aspect of our lives that we can connect and share across billions of devices with built-in intelligence. Our ability to use this data to visualize, control and automate what happens in our environment influences every aspect of our lives from financial transactions, to healthcare, retail, transportation, communications, government and utilities.
Security remains a prerequisite for doing business in today's dynamically evolving enterprise – managing risk in this environment is a challenge with constantly changing vulnerabilities, both internal and external, as the threats become more sophisticated. Failure to protect our systems results in lost business and impacts brand trust and business advantage.
Security for the smarter planet
Security can allow organizations to take risk and be an enabler of innovative change for them. Let's look at how security can help manage complexity, reduce costs and assure compliance.
- Identity is a focal point in today's global economy where trustworthy credentials are required for any interaction or transaction. The process of granting and maintaining digital identities, granting access to applications and information assets, and auditing user activities is a difficult and expensive one. Organizations spend an average of two weeks to set up new users on IT systems and typically up to 40 percent of existing user accounts are invalid. Identity and access management solutions can lower costs and mitigate the risks associated with managing user access to corporate resources; for example, reducing user provisioning time from days/weeks to minutes.
- Security at the application layer is an important area to watch, with industry analysts estimating that 80 percent of organizations will experience an application security incident by 2010. The average application deployed has dozens, sometimes hundreds, of defects, and about 74 percent of application vulnerabilities have no patches available today based on IBM X-Force research. Security should be an intrinsic aspect of business processes and operations, factored into the process from the initial security architecture to application development and implementation. Look at the ROI... Businesses today spend 80 percent of development costs identifying and correcting defects, costing $25 during coding phase versus $16,000 in post-production. Secure design can improve product quality and reduce costs in the long run.
- To cut costs and operate more efficiently, our customers tell us they want to adopt such technology paradigms as cloud and virtualization to provide dynamic operational support for peak capacity demands and data sharing. Unfortunately, security is often a roadblock. Effective data security and strong access controls can prevent security exposures when exploiting cloud technology. These and other security capabilities will only grow in importance as standards, such as PCI DSS, look at adding a requirements section specific to virtualization and cloud.
- The average company is subject to hundreds, often thousands of regulatory or industry specific compliance mandates, not to mention internal policies and audit standards. Trying to address this mix of requirements is overwhelming. Automation can help with compliance monitoring – effectively collecting and analyzing security information and events – management and reporting for data privacy laws and industry regulations.
Few would argue that IT security challenges are rising with an increase in sophisticated threats. Organizations will turn to any number of best practices for guidance, but the adherence to service management (ITSM) disciplines and the adoption of information technology infrastructure library (ITIL) services has proven to be the most effective. Industry surveys indicate that 87 percent of breaches were considered avoidable through reasonable (foundational) controls and the highest performers in the area of security management were those that adopted ITIL as their best practice approach. When creating a security “foundation”, it is important that organizations take a business-driven perspective – ensuring they align IT with their business objectives, allocate risk across security domains, and enforce the appropriate security level in each area in light of business opportunities, threats, and vulnerabilities.
Technology has a huge potential to help manage risk while enabling innovation for business growth. Imagine a smarter planet where critical infrastructures are more secure, cities are safer, your identity and privacy are protected, and you have ability to use social networking sites and new, cool apps on smart devices without worrying about the risks. A smarter and more secure planet is in everyone's interest, and the time for us to act is now!