Securely Leveraging the Internet: The Business Imperatives
The Internet continues to drive a steady transformation of how organizations operate and grow. It does this by providing ubiquitous, inexpensive and standards-based connectivity that all people and organizations can take advantage of to communicate and collaborate. Organizations leverage the Internet and Internet technology in an uncountable number of ways, from servicing their customers to collaborating with their supply chains.
While the Internet has been an important phenomenon for more than 10 years now, it remains a critical transformative force in the world, driving change in business, government, entertainment and social interaction. Given this, it remains a critical business imperative for organizations to continue to prepare for the day when the Internet is the foundation of all internal communications and operations as well as external interactions with customers, business partners and others around the globe.
For all the benefits, fully embracing the Internet can also expose high-level business challenges. An organization must determine how to simultaneously let business in while keeping risk out. Virtually every organization these days needs to achieve several goals that are often largely dependent on its IT strategy. These business goals are improved time-to-market for products and services while preserving reasonable security and control; cost savings and efficiency; and improved user satisfaction.
Time-to-Market
As markets and business environments change, speed and agility are essential to refocusing business resources and priorities in order to quickly and efficiently bring new and enhanced products and services to market. Successfully responding to the opportunities enabled by the Internet can change an entire business, enabling faster product development, new markets and channels, closer customer relationships, stronger brands and greater competitive barriers.
However, while the use of the Internet can enhance organizational speed and agility, it can also create numerous security exposures and vulnerabilities. By definition, with the move to the Internet you are placing your organizational lifeblood (your proprietary and private data and applications) in an easily accessible medium. How do you secure these critical resources, both easing access and controlling access? How do you provide access to these assets while also meeting the IT control objectives that are so critical for regulatory compliance and data privacy?
Today, organizations continue to deploy ever-growing portfolios of applications in support of rapidly increasing and diverse user populations. This places unprecedented demands on an organization's IT and security management strategies.
Cost Savings
Every sensible Internet strategy revolves, at least for profit-seeking organizations, around the ultimate business truth: it only matters if it leads to your organization making or saving money. As companies continue to assemble ever larger portfolios of applications that are accessed by rapidly expanding user populations, significant security management scaling problems generally arise. Historically, organizations could deploy a limited number of applications to a relatively small number of users in a reliable, low-cost manner, even if security management was conducted in a highly manual fashion. As the number of these applications and users grew with the growth of the Internet, the costs to support and secure them have often grown exponentially. This approach simply is not viable.
In the IT organizations of large enterprises, this growing portfolio of applications has stretched development resources to the limit. IT must continue to find ways to provide new generations of business-supporting applications while controlling costs. Traditionally, these applications have all had their own similar but separate security implementations using access control lists (ACLs) and custom security logic to provide authentication, authorization and auditing/reporting services, treating each user separately and independently of the same user in other applications. In the IT security arena these applications are typically referred to as being "siloed" from a security perspective.
The siloed security model works fine when you have just a few applications and a relatively small user community. However, few businesses can afford to build, embed and maintain dozens or hundreds of separate security implementations as they scale up to full Internet usage with all their user constituencies. Just as IT departments strive to standardize on and share resources in such areas as application servers, Web servers, operating systems and hardware, they also need to provide centralized, shared security resources to achieve consistency, usability and simplicity, as well as considerable cost savings.