Archive for September 2011
Axway CSO Taher Elgamal Posts on DarkReading.com: “Passwords: Time’s Up?”

Axway CSO Taher Elgamal has published a blog post on DarkReading.com, a news and information portal that focuses on IT security. Please take a look and share your thoughts!

“It really is imperative that the industry collaborates to move away from password-entry methods. Many of today’s attacks and threats are centered around obtaining passwords from someone. Industry efforts are under way to simplify users’ access issues by having a single password that unlocks others — that is a good benefit to users to make Internet access easier, but the security threat by depending on passwords for access stays.”

Response to Andrew Rose of Forrester Research, who asks, “Security Policy – Why Is It an Increasing Issue?”

By Joe Fisher, Executive VP Global Marketing, Axway

A New World

It was only about seven years ago that I can recall organizations introducing the role of CISO and beginning to focus on security architecture, asking questions like, “How do we protect our networks? How can we keep our information safe?” This was the advent of what I call “Security Policy 1.0,” a time that saw many companies develop a strict security policy, adding systems to help enforce and govern those policies, and training their workforce around security issues.

Now, driven by several key factors, we’re moving into a new world – Security Policy 2.0.

Most organizations today are going through considerable change and evolution across their operations. Elements like virtualization, the cloud and mobility – typically not part of the enterprise or its security policy five to seven years ago – must now be taken fully into account, and the result is a security policy renaissance.

For example, a few years back, when a large bank needed to craft security policy to protect information, moving data across the Internet securely was its primary concern. But today, the mechanisms and vehicles that same bank may use to connect and distribute information comprise a much broader landscape – social networking sites, mobile devices (some much faster and stronger than computers), cloud sites that store information, and more.

What this means is that companies must now revisit security policy and determine whether policy has evolved quickly enough – and in the right directions – to keep up with key business goals and a burgeoning landscape of ways to do business and connect with customers. In this new environment, it’s critical to stay connected and communicating with partners, customers, and other constituents even as you adapt to hybrid, on-premise and cloud scenarios. And, of course, access points across your entire business ecosystem must be secured.

Organizations must also be ready to adapt to an ever-evolving and fluctuating compliance environment. Regulatory mandates that affect many types of companies across a range of industries, and that may be periodically revised and expanded (HIPAA, for instance), require that enterprises continually align and realign their business and security goals. Today, any regulated business with plans to move to the cloud, go virtual or go mobile must solve the challenge of adapting to regulatory compliance pressures and mandates every step of the way.

Yet, with all of these challenges in mind, it’s also imperative that security not become a barrier to conducting business. Mapping our business goals and aligning them fully with security policy will ensure that security policy won’t dictate how we do business in the new world, but rather be an asset enabling us to securely connect to and do business with partners and customers.