By Hassan Maad, General Manager, Bull Evidian
Economic crises have always been a pivotal point for company policies. The most recent one is no exception, but in particular it has brought IT security right back at the top of the agenda, so it is once again a central concern for senior management and IT Departments alike. To ensure a healthy and sustainable recovery for its customers, Bull has reviewed and updated its security offerings, so they are even more transparent, aligned with business needs and deliver even greater added value.
While the 2001 crisis and the fallout from the Enron affair led to higher demands in terms of financial transparency and a whole raft of new regulatory controls (Sarbanes Oxley Act, Bâle2, LCEN…), as a result of the 2008 crisis these controls are likely to be applied even more vigorously, and over a wider field. However, this time there are grounds for hope that computer security will not simply involve applying these restrictive regulations, but will be the result of a wider debate about all business processes, across all sectors. IT security has many facets, and is inextricably linked with the prevailing economic and social environment. Financial transparency is still the most important concern, but how to protect private data, the ‘right to forget’ on the Internet… are all just as important, and are making us rethink IT security in an environment undergoing profound change.
So, while we saw a rapid expansion in IT security as a result of the first economic crisis of the century, the second offers a great window of opportunity to fine tune and apply security policies to help organizations meet these new requirement: but only if we take on board the lessons learnt from the period that has ended, and the new reality.
Pressured to implement quick-fix solutions and find rapid remedies, IT managers have been swiftly faced with the problem of how to apply security policies that align with the organization’s business processes. Initially driven by the ‘marketing of fear’, and more recently by the new regulatory framework, IT Departments recoiled in front of an avalanche of proposed solutions to dangers that were sometimes, apparently, quite questionable. Today, risk management is one of their highest priorities, as it is for senior executives and directors, whose watchword is ‘rebuilding trust’. Because this is now the key to any drive to secure information and communications tools within public and private sector organizations alike. Bull’s IT security solutions are absolutely focused in this direction, providing customers with the building blocks they need to restore trust at the very heart of the business itself, and more widely, within its own ecosystem. In particular, there is growing demand for Bull Evidian’s Identity and Access Management (IAM) solutions, because they offer truly transparency user access and an effective way to apply the policies designed to safeguard the information accessed by users inside and outside the organization.
It is clear that security once again features high on the list of investment objectives for 2010 – recent research confirms this – in a marketplace where new solutions emerge every day of the week. So what factors do you need to take into account when investing in secure solutions for today, and for the future?
The first requirement: transparency. In the era of ‘Cloud Computing’ and virtualization, of heterogeneous systems and multiple technology platforms working alongside each other, security solutions have to mask complexity and provide high-level transparency, both for Users and for Security Managers. Bull is already very well aware – because it has built up in-depth expertise and understanding of the numerous components that make up the information processing chain – that for security to be really effective, it has to be understood by everybody. To achieve this, security cannot consist of simply adding on solutions distributed across many different systems, with many different specialists only understanding their own ‘black boxes’. That is where the real risk lies: confronted with these multiple layers of protection, users will be falling over themselves in the race to break them, or to exploit the weak points in the system at the first opportunity. By contrast, the P&TLuxembourg’s launch of a new ‘Cloud Computing’ services infrastructure, secured by Bull, is an excellent example of the new paradigm.
The second requirement: security aligned with business needs. Security can never be universal in its application because individual business risks need individually tailored solutions. Bull, for example, offers solutions specially designed for the health sector, and others designed for banking… Regulatory frameworks are also closely aligned with business activities. Computing tools have to take this essential dimension into account, and increasingly focus on the business needs of individual users and the organization as a whole. Everywhere you look, users are clearly getting more involved in the process of developing tools that implement corporate security policies. Bull has been one of the first to adapt a host of new solutions for trading floors and stock markets, healthcare facilities, local authorities, distribution and telecoms operators, for example.
The third requirement: support for openness. In any organization that is part of an Open World, the user is often not just an employee, but also a partner or a customer. It is no longer enough just to secure information within a corporate stronghold, protecting it from external threats and ignoring the risk that often comes from the inside. The user’s relationship with computing is changing at breakneck speed. Users have never been more mobile, and information is now accessible to them from any point on the planet. They can not only access data from within the enterprise, but also from public places, from home, and without any warning. Meeting this need is at the heart of globullTM, one of Bull’s most recent innovations; combined with Evidian’s IAM solutions, the Group’s security offerings are making it possible to connect to data in a transparent and secured way from any point on the globe.
In our view, today’s demands for transparency, business agility and openness are absolutely the three most important priorities for a successful economic recovery in complete security.