To deliver business process improvements that enable new business models
to succeed, organisations must have a clear understanding of what
to expect from their enterprise’s information security programme.
They must also understand how the new business models are intended
to work. So argues Martin Whitworth, head of security practice at
business IT consultancy and software solutions provider, Aconite.
"In the drive for operating efficiencies,
businesses are seeking to introduce process improvements that allow
them to deliver innovative business solutions, build on partner
relationships, improve productivity and enhance customer service.
Many executives see this change process as essential to fuel the
next major wave of business growth and also expect it to significantly
reduce their process costs," he argues.
New business models will seek to take advantage
of the opportunities available through global networking by continually
expanding the number of external parties that organisations are
connected to, and wish to engage with in order to do business. Such
activities will include opening up their businesses to enable electronic
collaboration with business partners, integration with suppliers,
delivering service to customers, and interfacing with third party
service providers.
Mr. Whitworth stated: "Opening up the
business in this way will expose corporate information, and information
systems, to a wider and less tightly controlled world – further
increasing any security risks. These systems and associated information
must be securely harnessed, to ensure profitable use. Remember,
this is a new way of doing business, and existing security mechanisms
were not designed with the new business models in mind."
"The growing dependence of such connected
organisations on sharing their information systems and network connections,
coupled with the risks, benefits and opportunities carried with
it, make information security an increasingly critical facet of
overall corporate governance. Senior business management and IT
alike need to ensure that information security is aligned with enterprise
strategies - and make sure that enterprise strategies take proper
advantage of information security," he added.
Organisations often have to make trade-offs, sometimes difficult
ones, between different business objectives. Information
security issues are not, and should not be, immune from such considerations.
It is only by embracing security as a full part of the business
planning process that it will cease to be perceived as a major barrier
to implementation and start to be seen as a business enabler.
Getting the right foundations
A couple of ground rules:
* Security is all about managing risk.
* Security is not a product – it’s
an ongoing process. You cannot find security in a box on the shelf
of your local product vendor.
Keeping these ground rules in mind allows us
to lay the right foundations for implementing security in the new
business world. "Organisations must ensure that they are aware
of what is involved in realising their new business models. This
includes understanding the impact of security, or lack of it, and
appreciating the potential security risks to be faced. If you do
not have an awareness and understanding of the security issues relevant
to your business, how can you make informed business decisions?"
"Security should provide you with the
management processes, technology and general confidence to allow
your organisation to ensure business transactions can be trusted.
It allows you to ensure services are usable and can appropriately
resist and recover from failures due to error, deliberate attacks
or disaster. It also safeguards critical confidential information
and withholds it from those who should not have access to it."
Security is an ongoing process which is as
much about corporate culture and behaviour as it is about authentication,
encryption and passwords. Ultimately, it is about compromises: risks
to the business versus the costs of controlling them.
Organisations must be prepared to realise the
benefits of the new business environment and must be aware of, and
consider, the best ways to offer flexibility to customers and trading
partners, yet ensure security of critical information and systems
for all their users. In this day and age, the costs of having too
little or too much security can seriously damage a business. The
last thing any organisation wants is to be held back in its vision
because of security concerns.
Martin Whitworth concluded: "If you want
to succeed in the rapidly changing world of electronic trading partnerships,
it is essential to align your approach to information security with
your enterprise business strategy."
www.aconite.net

• Date: 22nd June 2004 • Region: UK/World • Type: Article • Topic: ISM