IT directors must become more savvy about the commercial needs of the business if they are to convince their boards to spend the right amounts in the right places to deliver efficient network security.
At yesterday’s Communications Management Association conference in London on securing networks, Ovum analyst Graham Titterington outlined the strategy that IT directors and network managers should take.
Titterington said, “Only the board can decide the scope of business operations and the processes to be used, but everyone in the business has a role to play when it comes to enterprise risk management.”
However, said Titterington, when it came to getting the right security systems in place, IT directors had to take a business approach to get their boards to act in the right way in response to security requirements.
Titterington said IT directors had to use a positive message about what productivity gains could be achieved by improved security. Titterington said “it was hard to get investment with no return”, despite better security being an important gain in itself, and that some security technologies delivered substantial financial gains.
He highlighted automated user provisioning, federated identity management and virtual private networks (VPNs) as key security technologies that helped to reduce cost and increase security in the business.
Automated provisioning can let organisations add new staff to the network much quicker, raising overall productivity. In addition, when staff leave a firm, it should be able to recover laptops and mobile phones much quicker.
Titterington cited Network Rail as an example. The organisation had introduced automated provisioning and seen an increase in productivity and improved protection of hardware assets as a result.
Federated identity management reduces the number of passwords an employee has to remember or carry around with them to access application on the network, and allows them to use them in a streamlined way on the network, reducing overall network traffic.
And VPNs reduce the costs of remote connectivity and deliver end-to-end encryption on the data accessed.
The conference, attended by CMA members from industry and public authorities across the UK, also considered voice over IP security, security incident management, secure flexible working, compliance and governance, and mobile security.