By Tom Schmidt
The battleground for security has shifted. No longer is it just about the computer or even the corporate network. Instead, the new challenge is about protecting users' most important assets: their information and their interactions. Providing that protection is at the heart of what has been dubbed "Security 2.0."
Evolving challenges
Security 2.0 has evolved in response to a dramatically shifting threat landscape. Previous editions of the Internet Security Threat Report have documented that attack activity has evolved from being motivated by status for technical prowess to being motivated by financial gain. Many of today's threats are designed to gather information that has financial value to the attacker. This can include personal information that can be used for the purpose of identity theft (the act of stealing the information) or fraud (using the information to commit fraud).
As the most recent Threat Report observed:
"The current threat landscape is populated by lower profile, more targeted attacks, attacks that propagate at a slower rate in order to avoid detection, and thereby increase the likelihood of successful compromise. Instead of exploiting vulnerabilities in servers, as traditional attacks often did, these threats tend to exploit vulnerabilities in client-side applications that require a degree of user interaction, such as word processing and spreadsheet programs. A number of these have been zero-day vulnerabilities. These types of threats also attempt to escape detection in order to remain on host systems for longer periods so that they can steal information or provide remote access."
People are the new perimeter
Of course, the threat landscape isn't all that is evolving. So too is the network perimeter. Traditionally, an enterprise's computer network has been a well-defined entity, with clear perimeters and fixed endpoints throughout. But that was yesterday. Today's IT network landscape has changed almost beyond recognition:
- Instead of one corporate platform and operating system, companies now routinely mix PCs and Macs with Windows, Unix, Linux and more.
- At the same time, network usage has expanded to include multiple endpoints beyond the traditional desktop and servers. From laptops to PDAs to smartphones to guest computers, network boundaries have morphed to embrace a new business paradigm.
- Today, the physical network perimeter is no longer defined by network devices. Instead, the people using the system -- employees, customers, guest users and partners -- comprise the new boundaries.
- Technology innovations, driven by pervasive computing, are fueling new business capabilities and business models. Customers, connecting directly to corporate networks, now accomplish transactions that were once completed by corporate employees.
That's the reality of the online world today. Moreover, customers expect faster access to their information, and enterprises must keep up with growing customer expectations and look for ways to leverage new technologies.
Making it all work
So what makes this new world work? The answer shouldn't come as a surprise. What makes it all work is confidence. Confidence is the essential component if enterprises expect to realize the full potential that these new technologies bring. And confidence comes only when all those in the connected world believe that their information is protected, their interactions are secure, and the risk of harm is minimal.
Protecting this information and securing these interactions takes more than bolted-on security. It takes integrated products and services that provide a holistic view into an organization's security posture. It also takes solutions that identify risks early -- so that steps can be taken to mitigate them and prevent an attack. And it entails enabling customers to manage their security events -- no matter what products they may already have installed.
Conclusion
External threats like phishing, pharming, and identity theft, are evolving at an accelerating pace. Criminals and malicious users are no longer focused on PCs or networks; instead, they now reach into the depths of the world's data banks. These disturbing trends are introducing new risks to our most valuable asset -- information -- as well as our interactions that today span dozens of platforms and hundreds of devices. Clearly, a new approach to protecting information and interactions is required.
Security 2.0, which integrates software, services and partnerships, represents a vision for building confidence in today's connected world. Its goal: the comprehensive protection of business interactions, critical information and IT infrastructure.
Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.