Chaos Theory
White Paper: Security Management
IT Security Management
Contents
Introduction
Chaos Explained
Managed Chaos
The SaaS Rewards
SaaS Creates and Reinforces Acceptable Use Policies
SaaS Aids in Risk Prevention
SaaS Tackles Chaos
Introduction
Information security and compliance officers face numerous challenges. Complexity may be the biggest. After all, every solution – firewalls, antivirus software, spam prevention software, intrusion detection systems, back-up and recovery solutions, etc. – must be implemented, updated, maintained, monitored and managed. And all of this takes place within an environment that changes at warp speed and is under constant assault from attackers continuously looking for and finding the next weak link. In short, the efforts of information security and compliance officers are akin to managed chaos.
But Software as a Service (SaaS) has great potential to help create and maintain order in that chaos. Instead of relying on software offered via traditional premise-based licensing models, organizations can ease the complexities associated with information security and compliance with SaaS-based models. SaaS delivers services much in the same way utilities deliver water or electricity and lets companies subscribe only to those software applications they need, when they need them, paying only for what they use. SaaS leverages the Internet as the development and delivery platform and uses a pay-as-you-go subscription structure.
Need to update the antivirus software on the scores of scattered desktops in your organization? A SaaS model makes doing this so much easier, and ensures all the antivirus software is installed and current. Need to add a new remote office or employee into your IT fold? SaaS makes it easier to ensure all the hardware, systems and applications are in compliance with your corporate information security standards, giving you fewer management headaches and uniform security policy enforcement.
The number of organizations adopting SaaS is growing at a healthy clip. In fact, worldwide SaaS revenue within the enterprise application software market is forecast to hit $10.7 billion in 2011, up 16.2 percent from the expected $9.2 billion in 2010.[1]
SaaS holds a lot of promise in tackling and overcoming IT management chaos. In this paper, we’ll discuss how SaaS is a cost-effective way to ease complexity while managing and even boosting the success of any organization’s information security and compliance endeavors.
Chaos Explained
The origins of chaos theory – a scientific principle describing the unpredictability of systems – date back to well before computers and information systems.[2] According to an article on www.referenceforbusiness.com, French mathematician Henri Poincaré (1854–1912) left writings hinting at the unpredictability of systems; more than a half a century later Edward Lorenz (b. 1917) and a few other scientists were taking note of "odd behavior" in complex systems such as the earth's atmosphere and the human brain. The article goes on to say that today the primary tool for understanding chaos theory (and complexity theory as well) is the dynamic systems theory, which is used to describe processes that constantly change over time (e.g., the ups and downs of the stock market).
Processes that constantly change over time… does that sound like information security and compliance? Without any control, the answer to the above question is a resounding “yes.” But information security and compliance officers have worked hard over the years to leverage software and tools to exert control over the chaos. What’s left, no doubt, is managed chaos.
[1] http://www.gartner.com/it/page.jsp?id=1406613 Gartner report - "Forecast Analysis: Software as a Service, Worldwide, 2009-2014"
[2] http://www.referenceforbusiness.com/management/Bun-Comp/Chaos-Theory.html
Managed Chaos
Inconsistencies in information security and compliance initiatives can be caused by a number of issues:
• Little or no control over software versions
• Mismanaged software licenses
• Security policies that are not uniform, consistent or vetted and agreed upon among both business leaders and technical staff
• Threats that change constantly and quickly, making it difficult to keep up
• Regulatory requirements that continue to evolve
• The number of regulatory agencies, business partners, customers, and others that require compliance reports continues to grow
The fallout from all these issues, and the resultant managed chaos, ranges from merely bothersome spam to virus attacks to even more sinister security breaches. The demands on information security and compliance professionals continue to escalate. According to a survey conducted by Enterprise Management Associates (EMA) in 2010, “threats are becoming more difficult to manage” was the issue most frequently identified as a top security concern.[3] EMA points out that the increased complexity is taking its toll on an organization’s costs, time and expertise. Many professionals wind up performing information security and compliance tasks manually, taking time away from more strategically valuable priorities.
The SaaS Rewards
At a high, very important level, SaaS promises to reduce the complexities associated with information security and compliance. SaaS reduces the complexity by outsourcing – to the service providers themselves – most of the infrastructure required to run software applications.[4]
Therefore, in a SaaS implementation, the vendor takes care of the support, training, maintenance and security costs associated with managing the infrastructure in exchange for the recurring subscription fees.[5]
Additionally, SaaS provides more automated and controlled software versioning. Because SaaS is an “always-on” service model that can deliver updates to software as needed, if new viruses require antivirus software updates, a SaaS model ensures that all the desktops supported by that service are updated – even those that might be working from home or in a remote location. All of this makes for more coherent and seamless operation of the applications.
Implementation and deployment times are reduced and simplified. The very nature of a SaaS offering – that the software is owned and maintained by a third party – means organizations can rid themselves of software ownership and all that comes with that ownership. When an on-premise application needs to be upgraded or completely replaced, the one-time costs associated with that can be extensive, and the disruption and time-to-implement can be very taxing to an IT department. Not so with SaaS.
[3] http://eval.symantec.com/mktginfo/enterprise/other_resources/b-ema_symantec-ccsr-0410_ib_OR.en-us.pdf
[4] http://www.focus.com/articles/information-technology/saas-model-right-you/
[5] http://www.gartner.com/resId=1393813 -- Gartner report "Forecast Analysis: Software as a Service, Worldwide, 2009-2014"
Organizations can also more effectively and efficiently plan for and manage growth. According to the Software & Information Industry Association, “SaaS applications grow with you as your business grows.”[6] Organizations that leverage SaaS have quick access to a range of applications, no major software implementation efforts are required, and the barriers to entry are lowered.
Reporting requirements and management changes related to information security and compliance can all be managed through a single console. The SaaS model also provides more seamless and automated end-to-end processes for meeting an organization’s security, compliance, audit and risk management needs. Further, SaaS offerings typically provide extensive audit logs.
Finally, complexity is eased because with SaaS, there are no software keys or licenses to manage or control. And when new employees come aboard, they can have immediate access to the software as new licenses don’t have to be acquired or transferred.
SaaS Creates and Reinforces Acceptable Use Policies
As policies are defined, set, and preached, organizations need to implement security tools and services that are able to enforce those policies. SaaS offerings make it easier to enforce policies that meet the information security and compliance standards set by an organization via automated capabilities to enforce end user policies. For example, policies can be set to scan any executable programs that end users receive or download, and those policies can be enforced automatically, across an organization.
SaaS models enable information security and compliance officers to apply different standards to different groups. In the above example, enforced scans can be set to occur daily for groups that often work remotely or from home. For groups whose desktops rarely leave the office, scans can be set to occur once a week, for instance.
When policies must change, SaaS models can easily adopt the changes. Information security and compliance officers can define and change the policies through an easy-to-use, Web-based policy management console.
SaaS Aids in Risk Prevention
These days, without email, business can grind to a halt. So if a distributed-denial-of-service (DDoS) attack or some other trouble brings your email service down, it’s vital to have a backup plan, and to have that backup plan be an established and well thought-out part of your overall business continuity plan.
Many organizations run back-ups of email servers, but the tasks can sometimes take second place to other, supposedly more strategic backup and recovery efforts. Databases and applications that are home to corporate financials, for example, are viewed as top-tier security responsibilities. But organizations underestimate just how important email is (businesses can rarely function anymore without it), or how email operations can potentially expose organizations to trouble. Moreover, billions of spam messages are sent each year, clogging inboxes, affecting productivity, and adding clean-up work to already burdened IT staff.
SaaS offerings make email continuity and security easier and more comprehensive. Continuous synchronization with an organization’s primary email system means that a standby system is up-to-date and ready to go at any time, should something happen. The synchronization also creates a secure archive of an organization’s email, should the need arise to recover email for reporting or compliance purposes. SaaS-based email filtering can substantially reduce spam infiltrations.
[6] Software & Information Industry Association, "Software-as-a-Service: A Comprehensive Look at the Total Cost of Ownership of Software Applications", Prepared by the Software-as-a-Service Executive Council, September 2006
SaaS Tackles Chaos
The chaos theory does include elements of order in seemingly random, unpredictable systems, but organizations need more assurances than theory. They need highly functioning, secure IT systems that work as needed 99.999 percent of the time. They need as close to bulletproof as they can get. SaaS offerings provide a level of certainty against unforeseen events. The ever-increasing complexities involved with information security and compliance are taxing organizations more and more. For some time, the stewards of security and compliance have worked among managed chaos. But security and policy inconsistencies as well as never-ending, more intelligent and more insidious attacks are threatening to bring down that managed chaos. SaaS offerings, with outsourcing aid, version control, quicker time to market, single console management and other benefits, promise to end chaos and help organizations run successful information security and compliance programs.
Symantec.cloud offers a flexible and scalable platform that simplifies maintaining and operating security solutions for email, Web and instant messaging communication. It also provides on-demand reporting and administrator capabilities through a single Web-based portal.
Symantec.cloud offers a subscription-based licensing model, which allows for predictable payments without sacrificing flexibility and control. Symantec.cloud will allow small and medium organizations to leverage all the benefits of an on-premise security solution without the hassles that generally come with on-site installation.
More Information
About Symantec.cloud
Symantec.cloud uses the power of cloud computing to secure and manage information stored on endpoints and delivered via email, Web, and instant messaging. Building on the foundation of MessageLabs market leading software-as-a-service (SaaS) offerings and proven Symantec technologies, Symantec.cloud provides essential protection while virtually eliminating the need to manage hardware and software on site.
More than ten million end users at more than 31,000 organizations ranging from small businesses to the Fortune 500 use Symantec.cloud to secure and manage information stored on endpoints and delivered via email, Web, and instant messaging.
Symantec.cloud helps IT professionals to protect information more completely, manage technology more effectively, and rapidly respond to the needs of their business.
For specific country offices and contact numbers, please visit our website.
Symantec.cloud North America
512 7th Ave.
6th Floor
New York, NY 10018 USA
1 (646) 519 8100
1 (866) 460 0000
www.MessageLabs.com
Symantec helps organizations secure and manage their information-driven world with security management, endpoint security, messaging security, and application security solutions.
Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.