WHY IS IT SECURITY NECESSARY?
Most companies use electronic information extensively to support their daily business processes. Data is stored on customers, products, contracts, financial results, accounting, etc. If this electronic information were to become available to competitors or to become corrupted, false or disappear, what would happen? What would the consequences be? Could the business still function?
- This information could be used by (new) competitors to launch more effective marketing campaigns.
- Competitors could launch an invisible, but effective attack which would be difficult to prove. If such an attack disrupted customer service, destroyed some accounting data, it would reduce customer confidence and help competitors increase their market share.
- System interconnection increases security risks significantly
- Virus development has continued at an alarming rate in the last few years, leaving few, if any companies untouched.
- IT systems have been under attack for decades now, but never before were so many computers networked, never before have so many cheap automated information attack weapons been available to would-be enemies. If is often impossible or very difficult to know if you are under attack and from whom. Attacker sophistication has increased enormously in the last 5-10 years. In the last 2 years many automated attack tools have appeared on the Internet, making is much easier for ignorant attackers to cause considerable damage.
- Many of the weapons only available to the intelligence community a few years ago can be bought commercially.
- Customer information or accounting information could be disclosed, affecting credibility.
“The network is the computer” is a phrase coined by Sun Microsystems in the mid eighties, which is even truer now than then. Applications have moved from single systems (e.g. mainframes) to a multiple of co-operating modules across different systems. A typical example would be a client server application that consists of a PC client which passes via a UNIX gateway to access data on a mainframe. For such an application to be secure, the PC, UNIX, Mainframe and network need to be secured. Security in a client server environment is complicated by the use of completely different authentication mechanisms on each machine. A client-server application is classified at a security level based on the security of the weakest link in the chain of component elements. What is the point is a very secure mainframe if for example; passwords are kept in readable form on PCs or on a piece of paper stuck on the PC screen?
Current Trend Is to Share, Not Protect
Even now, despite the stories of compromised data, people still want to share their data with everyone. And Web-based applications are making this easier to do than simply attaching a file to an email. Social networking sites provide the ability to share material.
Data Accessible from Anywhere
As though employees‘ desire to share data is not enough of a threat to proprietary information, many business professionals want access to data from anywhere they work, on a variety of devices. To be productive, employees now request access to data and contact information on their laptops, desktops, home computers, and mobile devices.