A New Vision for Enterprise Security Convergence

The Unification of Security, IT and Enterprise Risk Management Drives the Process


These new forms of corporate structure come with enormous risk. Maintaining an extended enterprise demands careful due diligence of business partners, suppliers and other entities relied on for operations. Today, these external organizations are more closely tied to companies than ever before. Outsourced manufacturing, for example, necessitates that product strategies, plans and other highly competitive and confidential information be shared. While most business partners are honest, there are cases where contract manufacturers producing products for a company also make cheaper knock-off versions of those same products for the counterfeit market. Even more insidious are unscrupulous distributors who divert products into unauthorized sales channels, damaging the integrity of overall sales distribution.

Expanding Opportunities Create Expanding Risks

Global geo-political changes are also opening new markets for economic development in some of the most high-risk regions of the world, including Eastern Europe, the Middle East, Latin America and Africa. Companies are compelled to enter these dangerous markets early to take advantage of the burgeoning opportunities and establish themselves as leaders. Securing operations in those areas is a daunting task hampered by immature infrastructure, social and political unrest and organized criminal activities.

In many industries, joint ventures with competitors impose additional risks. Companies compete in some markets while partnering in others. Only sophisticated and well-coordinated security processes and procedures developed in close cooperation with IT experts can effectively protect companies in such risk-laden endeavors.

Another recent development is adding to the threat equation. Employees today expect and are expected to stay in contact with their companies almost constantly. Workers log into corporate networks from home computers, from cell phones and other mobile devices. The levels of security in place for the use of these new communications processes are far from adequate. Stolen and/or lost laptops contain volumes of sensitive and confidential data. Only now that the problem is impacting the general public are efforts underway to determine the scope of the problem and begin to defend against it.

Against this backdrop of spiraling risk, cyber criminals are constantly upping the ante and devising new and more insidious methods of breaching even the most robust corporate security systems. Corporate networks are under constant siege from viruses, worms, spam attacks and spyware. It is the arms race of the 21st century – and the bad guys are proving to be extraordinarily adept at keeping several steps ahead of the law.

A New Tool From An Unlikely Source

Government oversight and regulation is usually anathema in the world of business. Unfettered free market growth and competition are seen as the most tested and reliable path to economic growth, profitability and societal prosperity. Responding to highly publicized instances of corporate wrongdoing like that of Enron, Global Crossing and others, government regulators are imposing stiff new regulatory compliance laws aimed at curbing such crimes and making companies more accountable for protecting the interests of shareholders, investors and the general public. New regulations like Sarbanes-Oxley, GLBA, HIPAA and the Patriot Act demand that companies not only institute effective controls over their financial and operational systems but that they document the effectiveness of those processes on a continual basis.

As the initial wave of protest over the financial and administrative costs of the new regulations subsided, some companies began to perceive unexpected benefits from the new rules. Careful scrutiny of financial and operational audits often exposes potential weaknesses and vulnerabilities that can be corrected. Forward-looking companies recognized the competitive advantage of applying risk management techniques to all that new information. It is precisely that approach that many anticipate will ultimately address the growing threat of unsecured information systems and data theft.

Indeed, the prism of regulation compliance combined with the convergence of traditional security, IT and financial risk management gives new and powerful focus to the conventional tactics companies use to institute and maintain effective enterprise-wide security. The essential mission of protecting key assets and capabilities, detecting attacks and malicious actions, responding to those threats with rapid notification and reaction, and recovering from them with disaster recovery and business continuity planning can now be greatly enhanced by regulatory compliance.