
Security Hurts Business - Don't Let It


Intro

As if IT security didn’t have enough issues to contend with, it now has another. And it’s a troublesome one: mitigating the risk of repelling customers because security defenses make your company unattractive or too hard to do business with. In this age of the customer – who wants everything available on every device from everywhere all the time – IT security is at risk of hurting the very business it is charged with protecting.

IT security issues have never been out of the spotlight, but the wattage has amped up lately. The NSA/Snowden revelations and high-profile retail data breaches serve to remind us that we are always at risk and, for all intents and purposes, under attack. The CIO of the University of California/Berkeley, for example, recently reported that the university is subject to millions of attack attempts every week. Developing a siege mentality under such conditions is understandable.

Then there are the lines of business, and marketing and sales organizations. They are devising mobile, social and digital media strategies and campaigns intended to put the online welcome mat out for all customers (potential, prospective, new, existing, mature and former) and customer types (financial, business management, technical, influencer, executive, regulatory, etc.). At the end of the day, without customers and revenue generation, there will soon be no business to protect from bad guys.

Reconciling the needs of the business with obligations to protect it will produce intense pressure and organizational dissonance over the coming months and years. Time is on no one’s side except one: the customers’. They define pace. They are the arbiters of acceptability. Disappoint them at your own peril.

The answers for creating a secure yet engaging online presence are not here; they are “out there.” What you will find here are some guideposts that may help you find an acceptable reconciliation between getting what you want versus getting what you need (with apologies to The Rolling Stones).

Security Reports to the Customer

Many industry and agency data privacy regulations came into being because businesses were not taking responsibility for protecting private information on their own. The resulting IT security mandate was to meet compliance requirements at the lowest cost. A reasonable objective, except for one thing: it’s mandate-focused and not customer-focused.

Security and risk (S&R) professionals may need a change of perception regarding data protection, from doing only as much as they need to do, to doing as much as they can. Protecting customers’ personal information should be no less important than protecting their own. S&R needs to adopt a stance as the advocate for data privacy protection and champion of the customers’ best interests, as that is in the best interest of the company.

Align with the Center of Power

While the customer is the absolute center of power, the marketing organization is rapidly taking the reins and leading both the business and technology charge to intercept, capture and retain your company’s revenue stream by delighting customers. This is done digitally, with increasingly sophisticated strategies, tools, and measurements in ever more truncated timeframes. Get on board or get out of the way.

The Chief Marketing Officer (CMO) will spend more on technology management than the CIO by 2018, according to a prediction from Forrester Research (Twelve Recommendations for Your Security Program in 2014, pg. 13, February 6, 2014). More money will be spent on business technology that drives revenue than on IT technology for maintaining business operations.

A typical scenario in the past was for S&R to raise red security flags after the marketing programs were developed and ready to roll out. The timing was not generally appreciated. Marketing success in the age of the customer will not survive such delays, so such delays will not be tolerated, much less appreciated. S&R can add value by understanding business technology, becoming involved in marketing’s conceptual program designs from the outset, and integrating appropriate security controls and measures during development.

Hang Out the Welcome Sign

Customers have no patience. The more difficult or unpleasant you make it to engage with your company online or via mobile, the sooner that customer will be someone else’s. Can the user interface be both inviting and secure? Yes; however, older user account management techniques will not get you there. The world is rapidly moving toward adaptive, user behavior-based authentication, which increasingly relies on big data analytics.

It comes down to responsive design, and it’s very much an evolving science. It means building intelligence into the authentication process that can put a visitor in proper context and sense behaviors that result in the optimum user experience, regardless of device(s) used. The fine line is to be able to do this while achieving balance between usability and S&R.

Throwing Product Over the Wall to Security

Integrating security into product development is as important as including it in marketing program development. Just as development and operations teams are working more as a unit in order to crush down time-to-market and resolve problems in-line, so must security be designed in as part of the process and not hammered in as an afterthought just before launch.

An increased understanding of the business plays a key role here, too. Demanding security perfection cannot fly given the speed of innovation and creativity needed to keep up with customer expectations and competitive threats. Security needs to see the situation not as black or white, but fluid. Devising processes to identify issues sooner, and methods that enable rapid and effective response to reduce potential revenue and reputation impacts in the market, are S&R’s challenges. So, too, development and operations must embrace the criticality of the S&R role in keeping customers and the company from harm.

Rationalize Security Investments

Do you have a security architecture, or do you have multiple security products acquired over time in an attempt to plug holes or respond to specific threats or compliance regulations? The rapidity with which security has come to the fore of business criticality has left many with non-optimized products that are becoming difficult to maintain. There is no cohesive strategy aligned with business requirements, or an ability to adapt as requirements, opportunities, threats, or challenges present themselves in the future.

Take inventory of what you have. Consolidate, unify and simplify. Choose vendors with broad portfolio options and products that will integrate easily with your infrastructure and other vendors’ products. Ensure that security is a feature of IT services you employ, either embedded or available as an option.

Consider letting someone else take on the routine day-to-day tactical aspects of data security and management, while you increase your strategic value to the company, marketing, product development and the customer. Managed security in the cloud can alleviate staffing strain and budget pressure, and is increasingly becoming a core component of a strategic security architecture.

A Specific Threat Waits in the Wings

Support for Windows XP SP3 and Office 2003 will end April 8th, 2014. As of February 2014, Windows XP market share was 29.23%, with business installations making up a hefty amount of the number. Soon, users will no longer get security updates or patches for Windows XP from Microsoft, leaving the door open for attackers to exploit security flaws in XP and Internet Explorer 6 to 8.

This is an opportunity to make two improvements in data security. The first and most obvious is to upgrade to a more feature-rich and secure operating system, such as Windows 8.1. The second opportunity is to upgrade all desktops, while also providing fast and secure desktop delivery to mobile devices and smartphones at the same time, via cloud-delivered desktops. This can be a big help in the struggle to corral BYOD issues.

Sometimes called Desktop as a Service or VDI, this strategy serves up your applications and data to any device, anywhere and at any time – with the same access and productivity, and arguably better security and lower cost, as from a traditional office environment. Solutions can include all of the servers, networking, patching, antivirus protection and licensing (OS and Office).

Taking a Seat at the Table

Can a rich customer experience co-exist with defenses against increasingly sophisticated cybercrime? It’s a moot point; they have to co-exist. Many organizations today, however, are not prepared as well as they must be. “Disruption” does not even begin to describe the impact that social, mobile and cloud technologies are heaping upon us all. Nothing can be as it was.

S&R is certainly important, but comprises only one of the many functions caught in the vortex. Redefining roles and achieving alignment among the many functions is the challenge confronting many organizations today; it’s a work in progress.

S&R professionals, like their IT counterparts, must achieve better balance between their operational and business responsibilities, between tactical and strategic thinking. They are well positioned to do so. Their potential for direct contribution to the success of the company is now in full view of the executive level, and they are expected to assert themselves.

This can mean a willingness to assume more risk, which flies in the face of S&R DNA. But this is the age of the customer, a time when speed and agility are the difference between success and failure. The challenge for S&R is to help their organizations move ahead in the most prudent fashion, where risks are understood, measured, and treated to stay within defined tolerances.

Peak 10 Can Help

Peak 10 offers a wide range of managed security solutions to protect against viruses, spam and other issues that can compromise the security and integrity of your IT assets. Peak 10 solutions also can help your company meet a number of regulatory requirements and enforce company security policies. All services are tailored to meet your company’s specific business requirements, and are backed by our industry-leading service level agreements (SLAs).

Enterprise-class data center services, including colocation and hosting, are available through Peak 10’s network of strategically located, secure data centers. Comprised of facilities, network, power and IP address space, Peak 10 data center services allow you to utilize your existing investment in computing equipment and networking gear while ensuring the best possible combination of redundancy, resiliency and industry best practices.

Peak 10 is there with you, today and tomorrow.

Let Us Help You

Contact one of our Solutions Engineers today.

Contact Us: 866.473.2510
Peak10.com