The following introduction was originally published in the BCS Information Security Now Magazine, Spring 2008 issue (Volume 2, Issue 3), which was on the topic of Enterprise Security:
“I feel that, to be effective, enterprise security needs to have a broad focus; moving beyond a rigid infrastructure and network boundaries to take on a much more holistic view, encompassing how employees actually interact with and use corporate information and resources. No longer should it be limited to company-controlled hardware and applications, with its perennial issues of configuration and patch management, access control, onsite support contracts, perimeter and desktop security, in-house application development, but go even wider.
The brave new world has already brought us deperimeterisation, the erosion or blurring of network edges; off-shoring and outsourcing, with control being less direct and more reliant on third-party contracts; VoIP, removing boundaries as voice and data merge; virtualisation, bringing issues of properly designing resilience and security into a more logical architecture; online services, such as software as a service (SaaS) and web 2.0, commercially attractive but how do you ensure that your data is protected and available when you want it?
Recent incidents of large-scale information leakage are partly a result of the move towards everything being digital, but without the associated changes needed to staff education and data controls. Increasing use of the social web, instant messaging, online games, messaging boards, blogs, photo sites et al. means that users – your staff – expect ready, user-controlled, transfer and publishing of information. Businesses need to account for this when those same users are handling your information and data. Shouldn’t this also form part of what we call enterprise security?”
A PDF version of the magazine is available online at: