Whether we are talking about financial security, territorial security, or even personal security, the concept of security is constantly evolving as it pertains to the business world and in the overall, global sense. Having recently joined the world of corporate IT security, I was immediately struck by the similarities between the evolution of corporate data, network, site and communications protection and the overall global evolution of security of state and citizen.
In many ways, the focus on IT security in a corporate environment mirrors and evolves along with the idea of security in general. The role of security professionals, whether that is in the IT world or physical world has changed with the evolution of the threat itself.
40 years ago a country could secure its borders, build a strong military, and be relatively safe and isolated from outside threats. Vigilance was reactive and often restricted to military, government, and police agencies within the country. The security of a corporate environment and communications was also a much simpler and more preventative effort. A locked briefcase, locked doors, and secure passwords on rudimentary communication systems were generally enough to thwart attacks which were often limited to one-off rewards.
The landscape has changed and as security professionals providing security services in today’s market, our roles have evolved to include those of educators, innovators, as well as defenders. We have been shown, quite regrettably and dramatically, that in the modern world, a strong military, a great border defence program, and advanced counter espionage programs are not enough to guarantee indemnity from threats. Dedicated and organised attackers will find ways around those defences and will strike at the hearts of our most vulnerable systems and sites.
This also holds true for the modern corporation. Firewalls, authentication systems, communications monitoring, UTM appliances and software controls are all good and necessary preventative measures, but it is the ongoing vigilance, proactive posture, and prepared response plans that will ultimately provide the best security for our clients.
What does this mean for us in the security provider world?
It means a heightened responsibility and a mandated goal to stay ahead of the curve in combating threats. The challenge for us is understanding our clients and their tendencies.
It also means we have a great opportunity. We have the opportunity to be critically integrated into the organisms which are our clients’ corporate environments. Having a defensive responsibility that stretches from the server, to the endpoints, and to the cloud, means there is an abundance of opportunities for us to be creative, inventive, vigilant and consistent in our approach to protecting our clients from the threats that exist and evolve daily.
The concept of security in 2011 is constantly changing and is just as dynamic as the world around us. The notion of “not if – but when”, offers us a unique chance to truly act as trusted advisors and as mission critical resources to our clients. Despite all of our efforts, the adversary is organized, relentless, and in many cases unpredictable due to non-specificity. Hackers will often repeatedly attack multiple targets looking for weakness that may or may not exist until, at some point, they eventually succeed at finding a way past the defences.
The key to our value is not how we stop all breaches of security; we cannot do that. The key is how we help our clients minimize that risk through deployment of best-of-breed preparations and a strong response plan that spells out how we will react organizationally, from CEO to end-user, when the risk confronts us as a reality. A corporation that accepts responsibility for ‘response’ along with the obligatory risk management tasks will improve overall security and reduce losses and damages in the long run.
Our role and enduring professional mission is to help our clients and our industry evolve our collective thinking in line with these goals. This presents both a great challenge and a fantastic opportunity, which makes the security industry an exciting place to work and live.