The Gartner IT Security Report 2008 recently showed that businesses continue to spend on security. Encouragingly, the research clearly demonstrated that businesses are only too aware of the increased security risks they potentially face. Companies are truly focused on protecting IT from sophisticated and targeted attacks - which are getting worse.
This can be evidenced by the fact that in 2008, we uncovered that there was more malicious software discovered than in the previous five years combined, and the fact that 80 per cent of all malware is financially motivated.
In the economically challenging times of late, cybercriminals have never been more motivated to attempt to benefit from stealing company data, and as a result data loss and ID theft alone cost companies an estimated $1 trillion each year. McAfee Avert Labs predicts that attacks on businesses could increase by as much as 500 per cent this year.
As the threat environment for businesses has become increasingly complex, organisations have tended to deploy a wide variety of solutions to meet these challenges. According to industry analysts, a large enterprise today can have as many as 200 different security providers.
Having understood the potential security dangers they face, many large enterprises have increased their spending in security and increased the number of security solutions they deploy to cover everything from email security to system and data protection.
Nonetheless, such an array of security solutions from different vendors has created somewhat of a corporate headache, creating significant complexity for security teams.
At the same time, the current recession is forcing many organisations to look at consolidating security solutions providers in an effort to reduce expenses and drive down hardware, software and operational costs.
Faced with the aforementioned security risks, today’s challenging economic conditions and the need to have a robust security solution whilst minimising complexity, has effectively made security a strategic decision.
Security is no longer an operational issue for companies, it is of strategic importance, and not surprisingly companies are beginning to adopt a strategic approach to the development of their security roadmaps, taking them from tactical, threat-driven protection to an optimised security architecture.
Currently, many organisations exist with a baseline level of protection, caused by the lack of integration in their security products. Enterprises need to move towards a more proactive approach in order to achieve an optimised security architecture.
Blueprint for tomorrow’s security architecture
A robust security architecture requires a centralised security management platform which can deliver real-time visibility, multi-layered protection and automated compliance. It requires scalability, usability and integration with systems management tools to ensure more streamlined security operations.
Only by ticking all these boxes and delivering these services, can companies derive the improved security protection they require whilst achieving the cost reductions they deserve. So, when building a security architecture of such strategic importance to the enterprise, what should the blueprint contain?
First and foremost, and bearing in mind the constant increase in security threats to companies, it must be strengthened protection. This requires integration within and between endpoint, network, data and compliance solutions to reduce the security gaps and management complexity.
A centralised security management platform should give companies multi-layered protection and a holistic view of their entire security infrastructure; whilst at the same time allow integration of certified partner products to help the organisation future-proof their security architecture.