As fast as organizations move, IT security needs to move even faster. There are constant pressures to streamline operations and safeguard valuable assets while keeping up with a deluge of new technologies and maintaining usability for employees, partners, vendors, investors, and more. The critical capability to balance this need for speed with demand for security is visibility.
This whitepaper explores:
The world rotates around the sun at a speed of 67,000 miles per hour. That can feel slow when compared to how fast organizations need to move to stay ahead of the competition, meet customer and constituent demands, and adhere to constantly evolving regulations.
As fast as organizations move, IT security needs to move even faster. There are constant pressures to streamline operations and safeguard valuable assets while keeping up with a deluge of new technologies and maintaining usability for employees, partners, vendors, investors, and more.
The critical capability to balance this need for speed with demand for security is visibility.
What does it mean to have visibility in the context of IT security? Why does it matter? And how does it impact an organization’s ability to be adept and move with speed?
Visibility in the context of security is:
When an organization gains visibility into its real security posture and can easily and systematically validate that risk, decision making and risk management become easier. With useful information, security and operations teams can take meaningful, swift, and efficient action to strengthen security while still moving ahead with new technologies, new processes, and new business strategies. IT security then becomes proactive and instrumental in supporting forward motion in the business and business initiatives.
Change has never happened faster and the “consumerization of IT”—an environment in which business users often make decisions about technology and infrastructure—never more prevalent. Consider this fact: “It took 15 years, from 1996 to Q3 2011, to reach 708 million smartphone devices, but then it took only one year for another 300 million to come online,” says Scott Bicheno, senior analyst at Strategy Analytics. According to Ovum’s Multi-market BYOD Survey, October 2012, “57.1% of Full Time Employees use their personal smartphone or tablet for work in some capacity,” and yet “79% of all BYOD usage is still unmanaged today.” With the expanding network perimeter and unmanaged devices, threat evolution shows no sign of slowing down.
While many of the challenges are similar, each organization needs insight and information that are very relevant to its specific situation. With this visibility, the organization can prioritize actions and move fast in a secure way. Security professionals can have speed with control.
Fast can be safe as long as:
Given the above, IT security is at a crossroads: The nature of the job has changed, the source of threats is expanding, and the characteristics of what needs protecting are evolving. Unfortunately, the solutions security pros have been using haven’t always kept pace with this evolution. Often, the tools they have are focused on yesterday’s threats, don’t give them visibility into new technology, like virtual machines and cloud-based infrastructure, and are ill-suited to deal with user impact including bring-your-own-device (BYOD).
Organizations need the right tools and processes to gain visibility into the evolving threats and the vulnerabilities of their organization in order to manage risk while moving fast.
There are three key areas into which an organization needs visibility to manage and reduce risk: IT risk, user risk, and threats.
Network complexity continues to increase. Developments such as virtualization, the cloud, and the looming migration to IPv6 are not only a challenge for IT teams, but represent completely new threat vectors from a security perspective. Assets that used to be more static and managed within an organization’s own data center now are constantly shifting—moving from data center to private cloud and from virtual machine to virtual machine.
Business is increasingly driven by real-time supply chains that include new partner and supplier ecosystems, and internal and outsourced development teams leveraging web services. These dynamic configurations can change on the fly, depending on specific projects or initiatives, making it very challenging for IT and security teams to keep up.
Gain insight into the organization’s entire IT risk including its network, operating systems, web applications, databases, mobile devices, and cloud and virtual environments. New technologies are less daunting if they—and the risks they might pose now and on an ongoing basis—can be seen.
Better visibility is the foundation of prioritized risk management because what isn’t seen or known can’t be managed. Contextual visibility means being able to validate risks and vulnerabilities and prioritize them easily based on exploitability, asset value, and relevant risks.
Contextual visibility delivers: