Maintaining Protective Measures
07 Jul 2008
How Can You Meet Customer Expectations and Still Maintain the Security Your Company Needs?
The technology innovation in networks, edge devices, and information management of the last decade has radically changed the IT security landscape. Because of a sharp curve in the sharing and transfer of information, people expect to access products and services quickly and easily, without defense mechanisms slowing things down. This presents a real challenge to the 21st century business.
In this Q&A, Bryan Palma, EDS vice president, Global Information Security, discusses how EDS helps clients around the world meet customer expectations in an open and accessible marketplace while still maintaining protective measures.
You Frequently Talk About a “Paradigm Shift” In IT Security. What Do You Mean?
IT security is a relatively young business. It's been around for a decade or so, and started out as an attempt to “lock down” the perimeter. So what you saw was layers of defense against hackers and other cyber-crime, securing that perimeter and keeping everything out.
But the explosion of technology has changed the business need. Companies that have this fortress of security are now needing a semi-permeable membrane that allows customers to come in and out, to get to accounts or products or services. They are looking for open sharing of information, but one that still protects the data.
What Is the EDS Response To This Shift?
At EDS, we are taking the traditional model – managing risk and ensuring compliance issues – and broadening the aperture to also include “enabling business.”
We're adjusting our offerings and adding new ones, working with our clients toward solutions that enable interaction, drawing customers and constituents into an environment optimized for risk-free exchange of information, products and services.
Some of the areas that help with this idea include end-point protection, data loss prevention, and identity management. It's a concept of encasing the individual bits of data in a secure “shell” before they leave the application, so that the data is protected as it travels from one point to another.
So What Does the New EDS Security Solution Look Like?
EDS provides multiple models for delivery of high-end security, all in tune with industry variances and geographic deviations. Agile and customized delivery models are required to deliver the security services of tomorrow.
We understand that risk tolerance and spend on security vary greatly among industries. For example, we do a lot of work for the defense industry, and they require very secure environments. We are talking about national security, intelligence data, things like that. They have less concern about usability. They still require a more “lock-down” approach.
A retail client is going to want more open access, for customers to shop online, for instance, and be able to move around quickly and easily. But when the monetary transactions occur, security is ratcheted up to encrypt the credit card data and personal information. So it is a different perspective between the two on what “security” means.
What Piece of the Security Market Does EDS Deliver?
Because of EDS' pre-existing affiliations with major players throughout the security market, we are able to deliver a comprehensive package to our clients. While each partnership is strong in its own right, the collective whole significantly enhances the solutions that EDS can bring to our clients.
We work with our EDS Agility Alliance partners to provide hardware and software elements, and have long-term affiliations with security vendors McAfee and Symantec to complete the picture.
Most notable in the area of security are the following:
- Cisco provides the underlying technology for EDS Global Services Network, the network and communications foundation for the Agile Enterprise Platform.
- Microsoft is the standard for desktop and server operating systems, and integrated development environments for the Agile Enterprise Platform and .Net Application Platform Suite.
- Sun is EDS' preferred partner for enterprise-wide network computing, identity management, outsourcing environments and utility-based computing for the Agile Enterprise Platform.
- RSA, The Security Division of EMC, provides a suite of solutions which EDS uses to monitor its own devices and network, and those of several clients. RSA envision software allows EDS to collect, store and manage data, and interoperates with the EMC® Centera® and EMC Celerra® networked storage platforms. On behalf of clients, EDS manages and monitors 2,500 firewalls and 3,000 intrusion detection systems for threats and vulnerabilities.
- Oracle Identity Management's comprehensive suite of standards-based products provide EDS with solutions that are fast to deploy and enable interoperability across multiple platforms. As a component of the Oracle Fusion Middleware portfolio, it is pre-integrated with application infrastructure, developer tools and business intelligence software.
- McAfee is a leader in intrusion prevention and security risk management, proactively securing systems and networks worldwide.
- Symantec is a global leader in infrastructure software, enabling businesses and consumers to have confidence in a connected world. The company helps customers protect their infrastructure, information and interactions by delivering software and services that address risks to security, availability, compliance and performance.
What Is the Best Way For a Company To Take Advantage of This New Approach To a Business-Enabled Security?
Take advantage of EDS' “Snapshot Assessment” capability to get a comprehensive security review. This will help us determine where you are right now, and how security can align and enhance your long-term goals.
Based on this assessment, EDS can recommend an enterprise approach to security that breaks down the silos between portfolios and allows free exchange of information within the organization and with your customers, vendors and other constituents. This inter-operability is significantly different than the common approach of point-solution protection of the perimeter.
We believe an end-to-end, integrated solution is a smart security investment that leads you to better performance, and can't wait to get started in helping you achieve more.