 
|
|
In partnership with:
|
24 April 2008 Enterprise data protection under the microscope Steve Gold, reporting from Infosecurity Europe 2008 Nigel Stanley, practice leader with Bloor Research, led a panel that also consisted of Eric Hanselman, Principal Security Architect with IBM Global Technology Services and John Dasher, Director of Product According to Dasher, enterprise security strategy has changed markedly over the last few years, largely thanks to the fact that more endpoint security has been appearing on corporate networks. The arrival of increased endpoint security, he said, has not changed the fact that modern corporates need to take a holistic approach to the issue of enterprise security. This opinion was echoed by IBM's Hanselman, who said that the main issue with enterprise security is understanding the nature of the problem that an IT manager faces. "Basically they need to keep attackers at bay. To do this, they need to protect the enterprise using all the security systems at their disposal," he told the audience. So does this mean IBM advocates a multi-layered approach to IT security on the enterprise? Possibly, although Hanselman said that the source of IT security threats is constantly expanding all the time. Even back-up tapes, he said, can now pose a risk to the major corporate, although the biggest According to PGP's Dasher, most corporates tend to start with a security problem they have encountered and develop a security strategy from there. Hanselman picked up on this theme, telling the audience that enterprises need to identify their primary risks and develop a security strategy based on this, and, of course, within their budget. "Information leakage is by far and away the biggest problem facing the IT security industry today," he said, adding that, against this backdrop, IT managers need to assess what is involved with security According to Dasher, the actual risk analysis process for most major enterprises is relatively easy. The harder part, he said, comes when it becomes time to implement the security plans drawn up following the The discussion then turned to a comparison of the disclosure rules that US companies have to face under legislation such as the Sarbanes Oxley Act, which is five years old this summer. In the UK, observed Dasher, there are no such requirements to disclose information on IT security incidents, although, he said, this could change in the near future if the European Union has its way on this The problem with meeting the needs of disclosure legislation, he told his audience, is that it can get expensive. Which is where IT security budgets come into play.
|
|
