While enabling novel ways of interacting and conducting business, pervasive connectivity is also heightening the risk factor for many organizations, a Symantec executive has warned.
Collaboration is taking many forms, noted John Magee, vice-president of product and services marketing at Symantec Corp. during his keynote at the IT360 conference in Toronto this week.
They include outsourcing, joint research projects between multiple companies, and several other initiatives – all supported by technology.
These projects – despite their potential – also carry some risk, he said.
“At some point in time, organizations became so dependent on IT systems that they can’t live without them.”
According to Magee, risk has also been intensified by increasingly complex IT infrastructures — the result of multiple systems, new technologies, and consumer technologies moving into the enterprise.
Magee identified four principal categories of risk:
- Availability risk, he said, affects the protection and accessibility of data in the event of a disaster.
- Security risk relates to continually morphing internal and external threats.
- Compliance risk pertains to internal IT governance, regulatory compliance, and the ability of companies to protect data and make it accessible in the event of litigation.
- Performance management risk affects an IT organization’s change management capability in the face of new opportunities that support business objectives.
Organizations should assess these types of risk holistically, and devise a strategy to eliminate them, while improving overall IT performance, Magee said.
He rued that risk management is often an afterthought addressed in a disjointed manner.
“The opportunity is to understand risks to your IT environment, and then be able to tackle them not piece-meal, but in a systematic way that spans across all of your applications and initiatives.”
The approach he recommended is: to standardize then automate IT processes.
Doing this, he said, will effectively get rid of fragmentation, and lack of repeatability that foster risk.
Magee further identified six key process domains “ripe for automation”: security, IT compliance, information management, storage, IT operations, and business continuity.
“If you think about security, [for instance], information flows through an organization. You need to deal with it as it goes from database, to someone’s desktop, and sent out over e-mail.”
Magee described key elements of the evolving threat landscape.
He said collaboration has spawned new business models and a multitude of endpoints that need to be secured.
These include mobile devices that can access corporate networks and serve as storage devices for data theft, said Magee.
Other endpoints are the laptop, desktop, and application, messaging, file and database servers.
User mobility is pushing the physical boundaries of the enterprise, in that demarcation is now wherever the user is connected, be it a coffee shop or home.
“People are now the new perimeter. It’s not just about a corporate firewall.”