The increasing dependence of enterprises on technology has lead to a parallel increase in the challenges of keeping enterprise technology and data assets secure. Now, with the additional demand for remote, mobile and flexible working capabilities, the security issues have been magnified.
Today's corporate culture means that the days of securing the enterprise solely by concentrating on the perimeter defences are long gone. Links to supply chain partners have blurred corporate boundaries; mobile working has opened the network to external influences; and device proliferation has made perimeter security a nightmare to support.
There is clearly a need to consider information security solutions that have a broad and visible impact on corporate operations by focusing on the architecture as a whole, not just the perimeter. Digital security should tackle the whole business rather than individual applications or departments.
The result is that businesses require - and can permit - ever-increasing ease of access to corporate information for the authorised user.
Many organisations are creating infrastructures that are secure by design, rather than relying on bolt-on solutions such as firewalls and anti-virus software. As an example, in a secure by design infrastructure information would be managed centrally and access to information delivered depending on the users' status at that point in time.
To illustrate this, a user logging in on a corporate PC, from a trusted network would get more access than if they were using their PC from home. They would also get a different level of access if they used a mobile device such as a Pocket PC or Blackberry.
When it comes down to it, information security is really about securely bringing together the organisation's two most important assets - information and people. In order for this to happen, security policies must be based on the fact that users' requirements will differ depending on their role and information needs. Information security does not need to simply be an on/off switch. The level of access permitted can be dictated by the users' location, role, device and request.
Users are often accused of being the weakest link in an organisation's defences. So, rather than leaving security in the users' hands, (who really remain interested in getting their job done well) the conflicting needs of the business for wider access, and the IT department for wider security, can be met simultaneously and reliably with a centralised responsive approach.
For once, technology is not being served by a binary yes/no response. Instead, it is a question of sense and response. Being able to identify who is requesting access to information and then responding with the most appropriate level of authorisation can only be a good thing for the CIO and the user alike. Just as employees have varying levels of physical access to company files, decided by managers or lock and key, so the same should apply in the digital world.
Lewis Gee is area vice-president, UK/Ireland/South Africa, at Citrix Systems
This article is part of Computer Weekly's Security Special Report produced in association with Citrix
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
For more information visit the Citrix website