Why Content, not Identity, is the NEW Enterprise Perimeter
The enterprise perimeter used to be protected by the firewall — recently, that perimeter has shifted. Find out why content is the NEW enterprise perimeter.
10 September 2014
Since its inception, IT has been going through a continual evolution, none more evident than the security function; and that evolution is speeding up rapidly with businesses demanding not only security but productivity as well.
The Evolution of Security
For many years, the enterprise perimeter was protected by the firewall — life was simple. More recently, the perimeter has seen a major shift as more and more services are accessed outside of the firewall. As services have shifted to the cloud, and more businesses require collaboration with external partners, analysts have proclaimed that identity is the new perimeter. To control who has access to what content, solutions such as Single Sign-On (SSO), Identity and Access Management (IAM), and Multi-Factor Authentication (MFA) technologies have all been put in place.
The emphasis on identity being the “new perimeter” was thrown a complete curveball — the much publicized Edward Snowden leakages from the National Security Agency (NSA). At the time, Snowden had the correct identity (top secret) and access to the correct data, but that data still leaked from the NSA. Identity as the perimeter did not prevent that leakage from happening. In fact, one could argue that identity enabled the leakage. So what now?
As more and more layers of security are added into an IT organization to protect critical data and IP, identity is no longer the solution it once was. As criminals and disgruntled employees continue to be a threat to the enterprise, control over the content itself is needed — rather than just on the person accessing it. If security is based solely on identity management, then you should expect the possibility of data leakage to happen in your organization.
Chief Information Security Officers (CISOs) are actively trying to plug holes within the enterprise to stop data leakage caused maliciously, by accident or by employees “sharing” critical content through consumer file sync and share technologies. As we’ve seen from recent research, the problem still exists.
The Need for Collaboration AND Productivity
Businesses are demanding that content be available for collaboration purposes, so the desire to lock content down is no longer an option.
Locking down content equals locking down productivity. Content needs to be available across any platform, from desktop to laptop to mobile devices. Content also needs to be available anywhere — from office to home to airplanes. While availability is often demanded (and now expected), the expectation is that the CISO still needs to secure that content at all times. Thus, it is the content that needs to be monitored and controlled, not the users. In other words, content is the NEW perimeter!
World where Content is the NEW Perimeter
In the new world where content is the perimeter, CISOs need to remember the importance of what their title stands for. Information (or content) is the lifeblood of any modern enterprise — it must flow freely for business productivity. Yet, information is also the core IP of the modern enterprise that needs to be secured at all times.
One of the most important ways to satisfy these enterprise needs is to apply “plugin free” Information Rights Management (IRM) to documents. IRM embeds security controls inside documents so that you can freely share or UNshare those files at will, no matter where they reside. With plugin free IRM, recipients can access documents freely as they would access any other document with standard applications such as Microsoft Office and Adobe Acrobat.
Thus, business security and productivity go hand in hand with the plugin free IRM usage. By adding an extra layer of protection at the content level, the CISO ensures that the enterprise perimeter is protected, the critical data is secured, and the risk is reduced — while still allowing the organization to increase productivity.
The balance between security and productivity is a fine line, but one without the other will limit business in the new world where content is the new perimeter.
Daren Glenister is the Field CTO for Intralinks. In his role, he acts as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements, helping to steer Intralinks’ product road map and the evolving secure collaboration market. Daren brings over 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software having worked with many of the Fortune 1000 companies helping to turn business challenges into real world solutions.