By Chris Schaaf, Regional Sales Manager, HP Enterprise Security Products, Sub-Saharan and South Africa
It’s unlikely that any Chief Information Security Officer (CISO) would deny that any of the 4C’s listed in the title are credible security trends individually but they may not have made the connection between them and how the relationship between each can actually lead to advanced business security thinking.
Consumerisation, in the rush to mobile and advanced consumer devices, is dramatically changing the relationship of IT within the business. However, many IT managers are still finding themselves trapped within the three year desktop replacement cycle. So, is everything changing?
Part of the answer is that consumerisation and cloud are evolving very quickly and that too many CIOs and CISOs are floundering by sticking to an enterprise IT culture that stubbornly refuses to acknowledge these trends – to the enterprise’s ultimate commercial disadvantage.
At the same time the picture is further complicated by IT leaders who want to change but are frustrated at their inability to embrace cloud and consumerisation, and shift to full 4C thinking. These leaders know that consumerisation is potentially low cost which allows for IT experimentation.
Figures released by Gartner show that worldwide sales of mobile devices to end users totalled 428.7 million units in the second quarter of 2011, a 16.5% increase from the second quarter of 2010. These devices will be entering the enterprise regardless – there is no doubt about that. Adopting and enhancing consumerisation is therefore a key part of moving towards 4C.
Cloud is the technology that many security professionals love to hate as, it must be admitted, so do a lot of regular IT professionals. Yet they cannot ignore the business benefits are all there: cost reduction, flexibility, new ways of working, enhanced storage and mobile access to data.
Yet the reluctance of many IT leaders is based on two fears: loss of control and lack of data visibility. Both of which lead to significant risk exposure.
But to embrace the 4C they need to overcome this fear because, as with consumerisation, they can. The secure cloud is possible now and possible in configurations and options that leave legacy architectures miles behind.
Jean Bozman, IDC, analyst stated that: “next-gen cloud computing decisions will be designed to scale up, and scale down, on-demand—and to allocate resources across a ‘grid’ or ‘array’ of pre-constructed building blocks developed by the service provider.
It will also demand a careful 4C evaluation of the customer’s inventory of enterprise applications, to determine which ones could be moved to cloud computing”.
Needless to say this will need to be done securely but the key is flexibility and instant scalability – something that is simply not possible with legacy systems. The world’s leading cloud providers do, however, have the expertise to make this happen.
The security concern is why cyber is central to 4C strategies. Nothing can happen in IT today without consideration of cyber threats, which can be simply defined as any attack launched against a business via its total IT architecture. This includes financial attacks, IP theft, denial of service and politically motivated attacks. Cyber is a constant threat to business continuity.
The financial implications on their own are disturbing. The Organisation for Security and Cooperation in Europe (OSCE) has estimated cyber crime theft amounts $100 billion annually. Cloud and consumerisation simply cannot function unless security is integrated within the enterprise stack.
Collaboration is potentially the most revolutionary and innovative part of 4C pulling IT permanently out of its remaining silo. Treating IT and information security as a business enabler was just a start. It must now be a fully collaborative part of the business, not just in IT terms but right across the enterprise.
Collaboration will also cross outside the enterprise to customers, partners and outsourced suppliers through the use of advanced tools such as security analytics and business intelligence systems. Through these, IT leaders can develop reporting that improves functionality, processes and efficiencies in departments previously considered alien to IT engagement such as Marketing (including social media), Finance and HR. IT cannot be an end itself. It must serve the business to encourage employees to be innovative in their jobs. If the CIO and CISO cannot embrace innovation, how can others?
Too many IT leaders have got bogged down in rules, fixed thinking and keeping to their own self imposed restrictions. This is even truer of the IT security departments. Many IT people have forgotten that they are in charge of the one department that has the means to innovate and use technology to benefit the business like no other. They can be enablers and deliverers.
The connectivity of 4C is a unique opportunity to do just that.