Security Profession blog

Thursday 17 April 2008, 1:34 PM

Security is moving beyond the perimeter

Posted by (ISC)2

I was reading some of the early results from our 2008 (ISC)2 Global Information Security Workforce Study recently and was quite interested to see that more companies are deploying cryptography and storage security.

It seems we’ve finally moved away from the perimeter and are focusing on the data that’s inside it.

Of course the edge of the network is still important. Firewalls, intrusion detection and identity and access management are still more widely deployed by the 6,523 certified information security professionals surveyed globally for the survey. The majority of organizations have good perimeter security technologies in place.

It’s what’s driving this change that’s most interesting. I believe increasing compliance and greater awareness of it by top level management is one of the main drivers. Company bosses know that if they lose confidential data it could not only leave them liable, but it could damage customer relationships, business reputation and future growth. There’s nothing like threat of jail or business failure to get the CEO to sit up and ask what’s being done to secure customer data. The other driver is probably the payment card industry data storage standards (PCI DSS). These standards are being mandated by Mastercard and VISA and are impacting on any organization that transacts money online. It’s iteresting that the suppliers are dictating security standards to their customers.

Securing specific data with encryption and storage security such as access controls is also a response to more and more companies falling foul of their customers by letting lapse security procedures put data at risk (e.g. TK Maxx last year, HMRC last month and HSBC last week).

I will be discussing the full results at INfosecurity Europe on Tuesday 22nd April in the keynote theatre at 15:45.

John Colley
(ISC)2 Managing Director, EMEA

• 1 comment  | 
• Post a comment  | 
• TrackBack  | 
• Clip Link