Bill Veghte on Securing the Enterprise in a Changing World
Bill Veghte from HP said that organizations need to adopt a new model for securing critical corporate infrastructure assets and information to support the modern business. He gave a keynote presentation at the RSA 2011 Conference on Wednesday on securing the enterprise in a changing world. He said IT is tied more closely to the business than ever and the new digital business model requires a new approach for managing the security.
Each shift in the IT industry - from mainframes to client/server to web and now with the cloud, virtual and mobile platforms - has brought more information to the user but it also brought more security challenges. Risk assessment and management is the key in responding to this shift and the new technologies. The security posture for today is that there are more threats but less visibility, more data but less prioritization, and more impact but less response.
Bill suggested that the security approach should include visualizing the vulnerabilities, incidents and compliance risks. The organizations have to move from a layer specific security model to a holistic one which includes business processes, users and systems as part of the overall security response model. We should also create a security intelligence strategy that includes process centric risk management. The security integration process should include collecting the data set related to security incidents and vulnerabilities and providing the right analysis to bring context to the security vulnerabilities. He said the new security approach should include metrics like Risk Level Agreements (RLAs) similar to the IT metrics we have today for Service Level Agreements (SLAs). Tools like HP IT Management Portfolio can be used to unify the security layers for complete visibility.
He concluded the discussion by saying there will be massive changes happening in the future driven by the cloud, virtual and mobile architectures. The balance of power is shifting to the users and the security model must evolve to respond to this shift.
In another keynote session, Michael Denning from CA Technologies hosted a panel discussion about the secure collaboration effort being undertaken by Transglobal Secure Collaboration Platform (TSCP) program, a 23-member organization, and how government departments and agencies like Aerospace and Defense are securely collaborating on projects.