All the research shows that it’s true: IT insecurity is steadily increasing. And the cost is high. According to some studies, it could currently be costing over 100 billion dollars (source: Mi2G). Against this backdrop, it’s not surprising that security is one of the top concerns for IT Directors and CIOs.
Security: a critical challenge for corporate IT managers
Today, three major factors mean that effective IT security is a vital necessity, whether on operational systems or new projects:
- Computing is at the heart of core business processes: From enterprise resource planning (ERP) to e-commerce systems, information systems manage most organizations’ most vital processes and data. So they are the target of choice for potential aggressors: hackers, cyber-vandals, activists, criminals, competitors…
- Information systems are increasingly open: With the development of the Internet and mobile computing (3G, WiFi, etc), information systems provide open access to an increasing range of services for a growing number of users: business partners, customers, etc. And they incorporate more and more diverse technologies. That creates new risks. And, as is all too easy to forget, threats also, and most often, originate from inside the organization.
- Security is now a legal obligation: From Sarbanes-Oxley to France’s LCEN law designed to build confidence in the digital economy, a growing number of regulations enshrine IT security as a cornerstone in the protection of customers and users (HIPAA – the Health Insurance Portability and Accountability Act, LCEN, etc), investors (Sarbanes-Oxley) and regulators (Basel II, etc). Security is no longer an option: it’s a requirement. Under the Sarbanes-Oxley regulations, for example, it is the CEO him or herself who must take responsibility for compliance, and who is accountable under law!
An open world, new challenges
Security is becoming a vital feature of open information systems. But that means there are new kinds of challenges to overcome. Up to now, the traditional focus of security has been on ensuring service continuity and network security, but the growth of the ‘open world’ means there are also other, new demands.
In the new, open world there are four key IT security challenges to overcome:
- Guaranteeing service continuity. The importance of service continuity has been thrown into sharp relief by tragic events such as 9/11 in the USA. The aim is to guarantee 24h/24, 7d/7 availability and provide a disaster recovery plan, in line with best practice in IT governance (ITIL®). This is an area where Bull is very closely involved not only in providing hardware solutions, but also software innovations such as its SafeKit and ARF (Application Roll-over Facility) solutions. And not forgetting services: Bull offers one of the most advanced outsourcing data centers and disaster recovery planning facilities in Europe.
- Protecting the network from attacks. With the development of the Internet, this is the number one security challenge: firewalls, IPS, VPN, etc. Today we’re moving beyond the ‘perimeter fence’ approach to network security towards a multi-faceted, end-to-end approach. In this area, Bull is involved not only through its TrustWay VPN (Virtual Private Network) solution for sensitive industries, but also by offering the best solutions on the market from partner companies: drawing on its extensive expertise as a consultant and systems integrator on large-scale projects such as the DGI Pass security gateway, securing French tax declarations.
- Authorization: identity and access management. In an open world, the challenge is not simply to protect your confidential space from external threats. The idea of the ‘corporate fortress’ is crumbling with the need to be more open to customers and business partners. As the Ancient Greek historian Thucydides said: “the security of the city depends less on the strength of its fortifications than on the state of mind of its inhabitants”. It is becoming increasingly essential to uniquely identify people within the organization, so the right people can authorize the right users, and prove these authorizations in the course of an audit. This area of security, known as identity and access management (IAM), is growing very rapidly and now offers tools that are becoming increasingly strategic for IT Directors/CIOs. In this area, Bull has invested significantly in R&D, especially via its specialist subsidiary, Bull Evidian, with two main themes: ensuring that security tools provide the closest possible fit with business processes – hence the launch of WiseGuard 3G, the new-generation, business process oriented, single sign-on (SSO) tool – and offering the highest levels of security for those who need it. This is reflected, for example, in the launch of TrustWay PPS 2, a strong authentication solution that is both simple and ultra-secure for the mobile workstation: another pioneering innovation from Bull, two decades after it invented the smart card!
- Certification: ensuring transaction security. One of the values that underpins the ‘open world’ is to facilitate exchanges – between partners, customers, users… – via new technologies such as e-commerce and integrated supply chains. Which is why transaction security is so important. Having proved themselves in the banking environment, the technologies to enable this are now becoming more widespread: secure on-line public services, remote transactions… Bull has invested in this area for many years, resulting not only in our digital identity management solutions (particularly Bull MetaPKI), but also solutions for Web Services and payments systems security. Our offerings in this area also include innovative solutions such as secure archiving and digital safes.
Implementation: focusing on the essentials
So how should we respond to these new challenges? Security is not just about achieving a zero-risk situation: it’s about balancing risks, time and budgetary constraints. In the increasingly complex environment brought about by the opening up of information systems, experience shows that it is vital to take a pragmatic, methodical approach.
- Take a detailed and proactive approach to analyzing risks. Security is all about prioritizing and making the right choices. There is no ‘one size fits all’ approach: it has to be adapted to each specific context: the public sector, banking, telecoms, industry… Hence the importance of analyzing the risks – before choosing any technology solution – and focusing on the right priorities. Bull, with its expert consultants in this area, is committed to providing effective support for organizations going through this process.
- Go step by step, applying the 80/20 rule. All the experience shows that creating secure information systems is a matter of bringing together a clear vision of the future and a pragmatic, step-by-step approach that concentrates on what’s most important. Bull is well versed in helping its customers focus on their major priorities, while taking full advantage of the latest innovative technologies. The Group provides solutions that offer the maximum security for minimum investment, such as SSO and strong authentication solutions. The ‘IAM NOW >’ program, launched in 2005 by Bull Evidian, very effectively encapsulates this progressive approach to identity and access management.
- Put the user at the heart of security. IT security is not a product, but a process. If it’s too complicated for the user, administrator or auditor, it will be circumvented. More than ever, the user is at the heart of security strategy. The emphasis that we are putting on user authentication is a reflection of this. Every user who keeps to the security process is, for the IS department, a measure of success. This is why it is so important to take into account from the very start how easy the security tools are to use.
In an open world, security is increasingly one of the biggest challenges. But it is possible to respond effectively: as we have seen from experience. The challenge is not only to manage the risks. It’s a broader, business challenge: to build trust among customers, users, business partners, investors… all groups of stakeholders.
Our aim is to work alongside all kinds of organizations, to help them meet these challenges and so take greater advantage of all the positive opportunities offered by an open world!
To know more about Bull’s vision and solutions on IT security, you can download the Business White Paper “Security: the essential foundations of an Open World”.