A security regime to liberate your organization
Go on the offensive, and guarantee trust
Bull’s approach to security is built on the conviction that security adds value, provided that it is extremely agile, business-focused, and aligned with corporate strategy. The results are a great deal more than you would get from paying the price of a multi-risk insurance policy, as three kinds of advantages are on offer: greater productivity, more flexibility, and competitive differentiation. So, achieving ROI for security is possible, after all…
In the early years of this decade, the Enron affair and numerous calls for financial transparency and data protection have led to regulations being tightened considerably. As set out in numerous edicts (SOX, Basel 2, Solvency 2, HIPAA, LCEN...), these stipulations all included strict rules about IT security: marking the point where is has become part of internal control and audit requirements. The current financial crisis and the various scandals unfolding are symptomatic of risk-based, inadequate controls, and should see even more emphasis being placed on these regulations in the years to come.
A paradoxical challenge: combining openness and security
The need to align information systems with corporate strategy today highlights security as a key issue. The restrictions and obligations dictated by the various edicts aimed at regulating security in specific business areas reflect its vital importance for the years to come. Because, with more and more business happening on line, exchanges within the organization itself or its immediate environment never have been so critical. The risks are numerous: theft or loss of confidential data, fraud, vandalism, blackmail or refusal of service, economic intelligence... This challenge is more and more complex, with the increasing openness towards partners, customers and citizens.
Media are constantly reminding us that nobody is immune from possible security incidents or malicious acts. The consequences may be disastrous for any organization that becomes a victim of a security breach, sometimes involving significant financial losses. As things stand at the moment, any organization evolving and progressing in a broader ecosystem will have to embrace a paradoxical imperative: the obligation to combine openness and control.
Security: a protection or a prison?
Faced with this paradoxical challenge, organizations have a lot of work to do. Those who are most worried are dedicating between 6% and 9% of their IT budgets to security, with dedicated teams and whole business functions devoted to the issue. Taking the sums involved into account, the question is no longer simply one of how much to invest, but of the degree of profitability achieved.
Today, nevertheless, we are forced to acknowledge that the current system is reaching its natural limits. Because, quite simply, the kind of protection required to run an open and distributed system poses a real problem for IT Departments. For every new threat that surfaces, a new solution has to be found. Every failure in the system needs a new patch. The result is a very costly ‘haystack’ of security solutions that are often irregularly built and badly integrated, stacked up over the years, and resulting in a multitude of obstacles and protections that result in new constraints on users, and seriously affect the organization’s agility.
This challenge is made more difficult because information systems are so ubiquitous and computing is a commodity: people are increasingly using their own personal tools (Smartphones, netbooks, Facebook...) in a variety of contexts, not just within the enterprise itself and its ‘security bubble’. Drowning in the constraints imposed by inappropriate security, users will not hesitate to by-pass the official solutions by opening up new chinks in the armor. Given this trend, there is now an urgent need to re-focus security on the user, and to measure the effectiveness of solutions by their capacity to liberate the user in their work. Protection must not become a prison.
An emerging paradigm
It’s easy to see security as a fortress or a permanent defense against attacks and threats. Bu this rather narrow vision of security has, for a long time, resulted in an emphasis on technology-oriented solutions.
Today we need a totally new approach. One that is geared to creating value, and centered on people and business processes. Security that is not only defensive, but agile and proactive in an open world.
Towards security for an open world
This new-generation security must have three key qualities:
Moving towards security that creates value
Security is at the crossroads where three different paths meet: those of information technology, the enterprise’s business strategy, and user requirements. It will only be able to offer the service that everyone needs if it can successfully reconcile the technology with the specific business activity and usage it is required to control.
As a pioneer in security, Bull has adopted this kind of approach for a number of years now.
As a designer of high added-value security solutions in key technologies, Bull’s approach is designed to align security with business challenges and human issues: most notably through Identity and Access Management (with Bull Evidian), mobility (with globull), encryption (with Bull TrustWay), transaction management (with Bull Crypt2Pay and Bull MetaPKI) and data security (with Bull StoreWay). An expertise that is highlighted by industry analysts, who have regularly recognized Bulls offerings with numerous awards, particularly those received by Evidian, acknowledged as a European leader in Identity and Access Management (IAM).
In its capacity as a consultant, integrator and then outsourcer, the Group supports major organizations in implementing tailored security solutions, adapted to their core business activities and processes. Major achievements include the security systems for the French government’s on-line VAT and tax filing systems (TeleTVA and TeleIR), Chorus (the French public sector financial management system), the virtual design platform for the Falcon 7X built by Dassault Aviation, and the payments systems equipment installed in 95% of French banks.