In the application economy does security help or hinder your business?
David Hodgson, September 23, 2014
Traditionally, people view security like a castle moat. That is a great start, but while a firewall with strong authentication is good, it is not enough. Conceptually, it does not go much further than: “Stop, who goes there?”
We are constantly seeing examples of people finding ways under, over or around our moats and in the current digital era this problem is getting worse. The fortress mentality just doesn’t work well in our highly connected world.
A wholly more sophisticated approach is needed: one that keeps our resources secure but doesn’t involve the ‘clunkiness’ of heavy security that ends up hindering your business.
With this post I complete the four-part series about navigating your journey in the application economy – exploring the topic by drawing allusions with my daily walk to work and back. The four principles I have suggested are:
- Every business is in the software business
- Infrastructure is your greatest advantage, legacy systems your secret weapon
- Make DevOps the newest best practice in your organization
- Security must enable your business not restrict it
In this post I’ll cover the topic of security.
I quickly found out that wearing a tie while walking to work in Manhattan is a killer – I need much more air circulation around the neck area when moving at speed, particularly in the warmer summer months. So now I keep some ties at the office.
Keeping that tie in the office is a security feature for me in case I feel the need to put one on for an important meeting. Now I don’t have to slow down my walk, and I am secure at work.
If your security slows down your employees or your customers, it is holding your business back. In today’s connected world, a well-thought-out and thorough security strategy is critical.
We cannot deny the benefits of the cloud, but we need policies and tools that enable BYOD and the use of tools like Dropbox, not a police-state mentality that blocks useful activity. Security in the application economy must allow seamless application experiences while being sure that only authorized people are using the services.
The answer for the application economy is content-based data placement and content-based access to data, coupled with a much stronger concept of identity. We need a stronger sense of who is doing what and a stronger definition of how to do it.
However, it must not be restrictive to the user experience, because today’s user of both internal IT and consumer apps has choices, and if one service is slow or hard to use, they will use another that is easier and faster.
Who goes there and why?
At CA Technologies we have solutions for single sign-on and two-factor authentication. We also have the leading solution for credit card authorization that can dynamically detect anomalies and decide if a greater degree of authorization is required.
And new for the mainframe, we are developing content-based access control that will allow you to set up policies to control access, changes and movement of data based on what it is rather than what container it is in. This will maximize usage and streamline management while ensuring good control and compliance with regulations.
The possibilities for this are awesome and much needed in today’s Hybrid Cloud infrastructures. Our new Cloud Storage for System z (CS4z) allows applications to seamlessly place tape data onto on-premise, private storage clouds or at public providers like Amazon and Google.
This is an incredible breakthrough in flexibility for the mainframe. But how do you manage that data placement? How do you stay in compliance with the latest regulations? Do you even know for sure what is on those 10-year-old tapes?
Awareness of data content allows both policy-based data placement and policy-based access control. So old reports that don’t contain personal information can be stored on Amazon Glacier, but confidential information must stay in-house.
And if you connect identities to roles, you can limit access to data not only by a file name but also by the metadata that describes the sort of data that the file contains. This is an approach that will be safer, more adaptable and will expand securely to your business needs.
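The placement and access rules described above can be sketched as a small policy check. This is an added example, not code from CA Technologies or any product named in this post; the content labels, role names, tier names and data set names are all constructed assumptions. Data whose content has never been classified is kept in-house and denied to every role.

```python
from dataclasses import dataclass

# Hypothetical storage tiers (assumptions for this example).
PUBLIC_ARCHIVE = "public-cloud-archive"   # e.g. a public provider's archive tier
IN_HOUSE = "in-house"

# Content labels that must never leave in-house storage (constructed).
RESTRICTED = frozenset({"personal", "confidential"})

# Role -> content labels that role is cleared to read (constructed).
ROLE_CLEARANCE = {
    "analyst": frozenset({"report"}),
    "hr-admin": frozenset({"report", "personal"}),
}

@dataclass(frozen=True)
class DataSet:
    name: str            # container / file name; never used for decisions
    labels: frozenset    # content metadata; empty means "never classified"

def placement(ds: DataSet) -> str:
    """Choose a storage tier from content labels, failing closed."""
    if not ds.labels:                 # unknown content, e.g. an unscanned old tape
        return IN_HOUSE
    return IN_HOUSE if ds.labels & RESTRICTED else PUBLIC_ARCHIVE

def may_read(role: str, ds: DataSet) -> bool:
    """Allow a read only if the role is cleared for every label on the data."""
    cleared = ROLE_CLEARANCE.get(role)
    if cleared is None or not ds.labels:   # unknown role or unclassified data
        return False
    return ds.labels <= cleared

# Constructed sample data: similar names, different content.
SALES = DataSet("SALES.REPORT.Y2004", frozenset({"report"}))
PAYROLL = DataSet("PAYROLL.REPORT.Y2004", frozenset({"report", "personal"}))
OLD_TAPE = DataSet("TAPE.VOL0042", frozenset())

def decisions():
    """Return (data set, tier, roles allowed to read) for each sample."""
    return [(d.name, placement(d),
             sorted(r for r in ROLE_CLEARANCE if may_read(r, d)))
            for d in (SALES, PAYROLL, OLD_TAPE)]

if __name__ == "__main__":
    for row in decisions():
        print(row)
```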
The best part of my daily commute is of course the walk home. I hope you found value in this series and it helps you along your journey into the application economy.
We are right at the start of our journey and we are all learning from each other. I’d love to hear your stories. What security challenges have you bumped into along the way?
If you have solutions that help Development integrate tightly with Operations, I would love to hear about them too. Just leave a comment below and I’ll be sure to reply.
And I hope our paths will one day cross somewhere along our travels.