The ‘current state’ enterprise is unprepared for the security ramifications of global changes and must redefine its security posture via a business centric, holistic risk management approach that spans people, goods and assets, and information systems, writes Grenville Payne, Business Architect at Unisys Africa.
Redefining security in this manner will provide the future foundation by which to manage risk and develop new ways to conduct business.
Today’s security challenges for the typical government and corporate enterprise include external environmental factors, internal factors such as achieving the right balance between agility and assurance, and dynamic factors in terms of maintaining the correct level of preparedness to match ever-changing threat conditions.
Governments and businesses are challenged to operate efficiently and effectively in harsh environments while trying to maintain a balance between ‘assured’ and ‘agile’ commerce. With threats to business continuity, the need for disaster preparedness and the need for strong risk mitigation and management, it is critical that organisations redefine their security posture if they hope to survive and continue to grow.
Given the many challenges within today’s enterprises and the current state of enterprise security, it is essential for businesses to adopt and follow principles that will lead to secure business operations.
* Security must be holistic – Enterprise security should no longer be defined as simply IT security plus guards, guns, and gates. It must be considered holistically across the entire enterprise, from the business and its goals, identifying people to tracking and tracing goods and assets, to securing IT systems.
* Creative strategies and operational plans for prevention, detection and reaction – the need is as fundamental as the presence or absence of an immune system for the human body. Intranet and Extranet(Internet) connectivity is almost a business imperative and you simply cannot survive that environment without the appropriate safeguards. It is a question of when the typical enterprise will be confronted with a disruptive event. Organisations must not just plan for prevention but also for detection and reaction to minimise adverse events and maintain business continuity.
* Visibility is critical – Visibility into enterprise processes can enable both ‘assured’ and ‘agile’ commerce. An enterprise cannot secure what it cannot see or what it doesn’t know.
* Enhanced Public/Private collaboration – to protect against rising threat levels, greater public/private collaboration and greater internal collaboration are necessary.
* Take a proactive stance and look beyond compliance for competitive advantage – compliance requirements are viewed as a cost of doing business, and organisations consequently adopt a minimal approach. Initiatives to support compliance should also be evaluated for opportunities to leverage the investment for innovation and growth. A Governance profile of secure business operations is an attractive attribute for customers, suppliers and investors. As a matter of course a proactive approach that is part and parcel of business operations will surface and identify security and privacy concerns before they become “disruptive events”. In addition investment in compliance can often be leveraged for improved business process insight and operational efficiency. Simply good governance.
Enterprises today need a holistic approach to security – one that is part of everyday business operations and combines management and process expertise based on industry standards with technological skill and business centric operational excellence. An approach that views security policies, procedures, and technology as more than just a way to protect against the occurrence of unwanted events, but also as a means of reducing organisational costs, improving operations and enabling new business opportunities.
Unisys Africa calls this approach ‘Secure Business Operations’. Based on the seemingly simple premise that you can’t secure what you can’t see. Yet it requires an in depth understanding of the many facets of security, the business and the industry in which an organisation operates, and the methodologies and tools that can provide the insight needed to make the right security investment decisions.
Whether a business is protecting physical and IT infrastructures; addressing concerns about privacy and identity theft; controlling access to government benefits, physical or logical resources; participating in e-business initiatives; complying with governmental regulations; tracking goods and assets; securing your supply chain – or all of the above – companies need insight and awareness to effectively manage their business and security risks.
This is the crucial difference between delivering security and ensuring secure business operations. The ability to visualise the different elements of your environment, understand the causal relationships and take the appropriate steps to maximise your security investments.
In both public and private sector, organisations around the globe need to focus their attention on operational efficiency and planned profitable growth – rather than constantly worrying about the continuity, integrity, and security of their operations. They need the knowledge and peace of mind gained from secure business operations that enables them to focus on their core activities. After all, how can a business secure what it can’t see? Or expand without worrying about the security implications.