IT departments need to rethink how they develop network security to take into account greater collaboration between businesses, industry analysts have urged.
Threats to the network are emanating from changing business processes, which is why security needs to be aligned closely with operations, said Bill Nagel, researcher, security and risk management, at Forrester Research.
Greater collaboration with partners, suppliers and consultants involved in the business process mean that third-parties increasingly require access to corporate data.
"Managing this shift and changing the IT focus from the perimeter to an information-centric approach - including access control and rights management - is a transition companies need to make," said Tim Pickard, vice-president at security supplier RSA.
Analysts are advising IT directors to focus on wireless access and web-based applications, as remote staff, contractors and business partners dilute the perimeters of where network security should begin and end.
There is a need to concentrate on threat protection, access and authentication, but for these measures to be effective, they have to be in line with business processes.
"A comprehensive security policy should be based on your business view on risk," said Jay Heiser, research vice-president at Gartner. He urged IT directors to carry out a formal risk assessment of the dangers to the business and ensure that the network manager is tasked to deploy relevant IT security to meet these goals.
"Risk is attached to every element of the infrastructure, and so management needs to work with IT to understand the network as a whole," said Heiser.
Last year's Department of Trade & Industry Information Security Breaches Survey highlighted the problem IT departments face in justifying spend on network security. Any benefit, such as preventing incidents that might have occurred, cannot be measured, and whatever is spent on security, there is no guarantee of safety, it said.
"The business wants to be able to measure its return on investment on everything, and that is quite a difficult thing to do with security," said Nagel.
Related article: End-point security: a matter of trust
Comment on this article: [email protected]
David Lacey’s security blog
The latest ideas, best practices, and business issues associated with managing security