A New Vision for Enterprise Security Convergence

The Unification of Security, IT and Enterprise Risk Management Drives the Process

The Bytes: Open Unfettered Access

IT professionals had a focus that was, in many respects, diametrically opposed to security professionals, particularly as global networks and the Internet became the mandatory avenues for corporate growth and profitability. In the early and middle phases of computerization of business, IT's top priority was making various elements of technology work together within the relatively secure confines of a company. As technology advanced and became more interconnected, integrating and extending technology became a priority, one that sometimes sacrificed security in favor of openness. The arrival of the Internet took that priority to new heights and IT was charged with connecting companies together in global networks. Most recently, a proliferation of new computing devices, such as PDAs, blackberries, cell phones and other mobile equipment, has added new connectivity and accessibility requirements.

The Beans: Cost Justification

In the old world, corporate finance diligently peered down from on high and kept a lid on spending. Drawn from various areas within corporate finance, they typically reported to a chief financial officer and worked to achieve financial efficiency and prevent losses. The quantitative rigor they impose on operations is well known to security professionals who have experienced the frustration of attempting to quantify the hard-dollar value of an intangible – the absence of loss through effective security.

Admittedly, all three entities had a common mission – the well-being of the company. But their agendas frequently came into opposition.

Those historic antagonisms and conflicting agenda are dissolving today as security, IT and financial risk managers come together in the face of a common threat that transcends each of their functional areas – the virtual enterprise under attack. This environment of unprecedented risk creates tremendous opportunities for security professionals to significantly elevate their corporate standing and influence. Companies recognize that the threats they face are real and growing. They perceive their vulnerabilities are becoming liabilities that will jeopardize the company's ability to compete, and to revenue growth and profitability.

The Pandora Paradox

While the Pandora's Box of ancient mythology unleashed evil into the world, the modern technology version has provided tremendous good along with its evils. No company today can unplug from the Internet, shut down its global networks and isolate itself from the dangers the technology creates. Those networks, both internal and external, have become the central nervous system of global commerce and a crucial factor in the success of economies all over the world.

This modern paradox has profound implications for the three disciplines forging the convergence of security and IT. In complex and interconnected ways, the problems are also the solutions and vice versa. Companies creating robust computer networks – linking their suppliers, business partners and, in some cases, customers – are able to compete more effectively and efficiently than those who do not. At the same time, they create tremendous risks in those sprawling, always-available systems.

Under the merciless pressure of global competition, companies are applying technology to create the efficiencies they need to survive. Outsourcing such operational areas as manufacturing and customer support to low-cost regions of the world creates huge demand for highly sophisticated computer networks capable of transmitting vast amounts of information instantly.