Security: The transformation from ‘Restrict’ and ‘Deny’ to ‘Permit’ and ‘Enable’

Sharath Kumar

Security is one of the top priorities for CIOs today. The findings of a recent Dell Software Global Security Survey (India) reiterate this: in the last 12 months, around 85 per cent of organizations have increased spending on the education/training of employees; 75 per cent of organizations have increased spending on completing security risk assessment and software on premise; 71 per cent of organizations have increased spending on hardware; and 65 per cent of organizations have increased spending on creating a response plan.


The security afforded through managing the identities of users will help IT to "right size" access - ensuring that both administrative and end users have access to only the resources they need to do their jobs. However, a majority of IT companies focus on investing in infrastructure that helps them keep business running as usual, rather than taking into consideration the changing IT landscape, which consists of cloud computing and an ever-growing number of mobile devices generating data. CIOs today need to look at security solutions that serve the long-term security requirements of organizations; such solutions are the ones that will be profitable to businesses.

Until now, security has existed in a manner that promotes the denial, restriction and limitation of information. This essentially promotes what doesn't happen rather than what does, and does not take into consideration the long-term security requirements of organizations. To counter this, consider a situation where you could use your security investments to keep your organization's network secure both today and tomorrow, while at the same time directly contributing to your company's business profitability and increasing the overall speed of business processes.

This is entirely different from the traditional view of security, which revolves around restriction and denial; it makes security the practice of connecting, permitting, uniting and enabling. Organizations need a different approach to do this: they need to manage the identities and access of their users. Identity governance, access management and privileged management have emerged as the basis for safely and efficiently managing access to business resources, wherever they reside, inside or outside the network, without compromising security.


With an approach that transforms security into the practice of connecting, permitting, uniting and enabling, the business becomes agile enough to move forward on many different fronts which, on the surface, sound like they have nothing to do with security. This approach to security allows businesses to enable a user to replace someone who is sick by assigning permissions in less than three minutes; move a department's access rights - without having to go to IT - from the mortgage application to the pension application to meet a huge demand coming from a recent marketing campaign; provide a design partner from a gearbox manufacturer with access to the company's chassis design details, through federation and the partner's own self-service application; enable single sign-on to the new cloud-based lead nurturing app the CMO purchased without telling IT; give a ship's captain access to SAP on his iPad so he can update the delayed arrival time into dock, when he's in the middle of the Atlantic; or give the $3,000-per-day consultant root access to every machine he needs within 5 minutes of his arrival at work.

This different approach to security makes all of these possible - IT can secure data, meet uptime requirements and address compliance obligations, and increase end user productivity by giving users faster access to the data and applications they need to do their jobs. With this combination, line-of-business users are enabled to make better and more effective decisions by getting access to only the data they need to do their jobs, rather than being flooded with so much data that they become security risks themselves or being given so little access that they become ineffective.

Another challenge that IT might be inclined to deal with through denial and restriction is the growing use of cloud and BYOD by employees in organizations. The influx of cloud-based applications like Google Apps and Office 365 has taken the control of access out of the hands of IT. At the same time, the user demand for access to both network and cloud apps from mobile devices is skyrocketing, and the business is demanding that all access be secure. This results in a huge burden for IT, not the least of which is the need to provision access to, and manage passwords for, all the different SaaS applications. But it doesn't have to be that way. The security afforded through managing the users enables IT to meet the growing demand by employees to use their tablets, smartphones, and other mobile devices for work, anytime, no matter where they are.

Surviving the security test within the changing IT landscape involves putting the right security policies and practices in place to prevent intrusions, protect intellectual property, maintain privacy, and ensure compliance with corporate policies and government regulations. While investments in security are high, this may not on its own ensure the smarter functioning of IT. When security enables an organization to make new employees, partners and consultants productive faster - whether that's designing a new part between multiple organizations across many time zones, giving a high-priced consultant the right access instantly, or ensuring an employee has the necessary access to cover for a sick team member - you've improved agility and added business value. The solution here is to change the conversation from restrict and deny to permit and enable, making IT the force for "yes," rather than the group of "no," denial and restriction.