N°32  |  December   2008
Executive opinion

A security regime to liberate your organization
Go on the offensive, and guarantee trust

Interview with Hassan Maad, General Manager, Bull Evidian



Bull’s approach to security is built on the conviction that security adds value, provided that it is extremely agile, business-focused, and aligned with corporate strategy. The results are a great deal more than you would get from paying the price of a multi-risk insurance policy, as three kinds of advantages are on offer: greater productivity, more flexibility, and competitive differentiation. So, achieving ROI for security is possible, after all…

In the early years of this decade, the Enron affair and numerous calls for financial transparency and data protection led to regulations being tightened considerably. As set out in numerous edicts (SOX, Basel 2, Solvency 2, HIPAA, LCEN...), these stipulations all included strict rules about IT security: marking the point where it has become part of internal control and audit requirements. The current financial crisis and the various scandals unfolding are symptomatic of risk-based, inadequate controls, and should see even more emphasis being placed on these regulations in the years to come.

A paradoxical challenge: combining openness and security 
The need to align information systems with corporate strategy today highlights security as a key issue. The restrictions and obligations dictated by the various edicts aimed at regulating security in specific business areas reflect its vital importance for the years to come. Because, with more and more business happening online, exchanges within the organization itself or its immediate environment have never been so critical. The risks are numerous: theft or loss of confidential data, fraud, vandalism, blackmail or denial of service, economic intelligence... This challenge is more and more complex, with the increasing openness towards partners, customers and citizens.

Media are constantly reminding us that nobody is immune from possible security incidents or malicious acts. The consequences may be disastrous for any organization that becomes a victim of a security breach, sometimes involving significant financial losses. As things stand at the moment, any organization evolving and progressing in a broader ecosystem will have to embrace a paradoxical imperative: the obligation to combine openness and control.

Security: a protection or a prison?
Faced with this paradoxical challenge, organizations have a lot of work to do. Those who are most worried are dedicating between 6% and 9% of their IT budgets to security, with dedicated teams and whole business functions devoted to the issue. Taking the sums involved into account, the question is no longer simply one of how much to invest, but of the degree of profitability achieved.  

Today, nevertheless, we are forced to acknowledge that the current system is reaching its natural limits. Because, quite simply, the kind of protection required to run an open and distributed system poses a real problem for IT Departments. For every new threat that surfaces, a new solution has to be found. Every failure in the system needs a new patch. The result is a very costly ‘haystack’ of security solutions that are often irregularly built and badly integrated, stacked up over the years, creating a multitude of obstacles and protections that impose new constraints on users and seriously affect the organization’s agility.

This challenge is made more difficult because information systems are so ubiquitous and computing is a commodity: people are increasingly using their own personal tools (Smartphones, netbooks, Facebook...) in a variety of contexts, not just within the enterprise itself and its ‘security bubble’. Drowning in the constraints imposed by inappropriate security, users will not hesitate to by-pass the official solutions by opening up new chinks in the armor. Given this trend, there is now an urgent need to re-focus security on the user, and to measure the effectiveness of solutions by their capacity to liberate the user in their work. Protection must not become a prison.  

An emerging paradigm 
It’s easy to see security as a fortress or a permanent defense against attacks and threats. But this rather narrow vision of security has, for a long time, resulted in an emphasis on technology-oriented solutions.
Today we need a totally new approach. One that is geared to creating value, and centered on people and business processes. Security that is not only defensive, but agile and proactive in an open world.

Towards security for an open world

| Defensive security | Agile and proactive security |
| --- | --- |
| Fortress | Integrated immunity |
| Technology-oriented | Aligned with business processes |
| Centered on IT | Putting the user at the heart of security |
| Local | Ubiquitous and mobile |
| In silos | Integrated |

This new-generation security must have three key qualities:

  • Agility. Because more than ever before, an organization’s agility is the vital ingredient when it comes to the success of its initiatives. Propelled by changes in the economy that are taking place at high speed, all organizations operate in a sphere of trust that extends well beyond their own boundaries. In this context, the user is everywhere: at the heart of the organization itself, out visiting customers or partners, on the road, accessing their workspace remotely when on vacation... The user is at one and the same time a partner, a customer, and a citizen. Access to the information they need is made at any moment, from any point, and using different methods of communication. Security must know how to follow this user everywhere, and responsively mirror the constant reconfiguration of the user’s relationships within business ecosystems.
  • Business focus. Because this is based on the analysis of risks and business opportunities. The constraints and priorities of a manufacturer differ fundamentally from those of a telecoms operator, a bank or a public sector agency. So there is no such thing as a universal solution: every security strategy must adapt to specific business challenges and processes. Better still, it must support and improve them. In this sense, going beyond technology, it is essential to remember that security is above all an organizational issue.
  • User focus. Because security is not a product, but a process. If too complicated to use, administer or audit, it will be by-passed. It’s a fact: putting the user at the heart of the security strategy actively contributes to reinforcing that system’s security. A user that adheres to a security procedure is a real mark of success. So it is important that the usability of tools is taken into account from the outset. Security requirements that involve subjecting users to repetitive tasks that rely on their human qualities are dangerous. Single Sign-On and access management tools, and their recent rise in popularity, are the best illustration of this.  

Moving towards security that creates value 
Security is at the crossroads where three different paths meet: those of information technology, the enterprise’s business strategy, and user requirements. It will only be able to offer the service that everyone needs if it can successfully reconcile the technology with the specific business activity and usage it is required to control.  

As a pioneer in security, Bull has adopted this kind of approach for a number of years now.
As a designer of high added-value security solutions in key technologies, Bull’s approach is designed to align security with business challenges and human issues: most notably through Identity and Access Management (with Bull Evidian), mobility (with globull), encryption (with Bull TrustWay), transaction management (with Bull Crypt2Pay and Bull MetaPKI) and data security (with Bull StoreWay). An expertise that is highlighted by industry analysts, who have regularly recognized Bull’s offerings with numerous awards, particularly those received by Evidian, acknowledged as a European leader in Identity and Access Management (IAM).
In its capacity as a consultant, integrator and then outsourcer, the Group supports major organizations in implementing tailored security solutions, adapted to their core business activities and processes. Major achievements include the security systems for the French government’s on-line VAT and tax filing systems (TeleTVA and TeleIR), Chorus (the French public sector financial management system), the virtual design platform for the Falcon 7X built by Dassault Aviation, and the payments systems equipment installed in 95% of French banks.  

Bull’s approach to security is built on the conviction that security adds value, provided that it is extremely agile, business-focused, and aligned with corporate strategy. The results are a great deal more than you would get from paying the price of a multi-risk insurance policy, as three kinds of advantages are on offer: greater productivity, more flexibility, and competitive differentiation. Far from being a hindrance and a restraint, security is now starting to actively promote business development. 