What is the information that really matters within an organisation? IT security professionals need to work closely with the business to identify what is the company's real intellectual property and information that needs to be protected.
These are the words of Symantec CEO and president Enrique Salem, during his keynote address at Symantec Vision 2010, held in Barcelona this week. “When businesses try to protect 100% of their information, they end up with a complex environment that is very difficult to manage.”
He said the current approach to security is not working. Companies are spending more and protecting less. “Throwing hundreds of different point products at the problem isn't working, it merely complicates the matter. Spend less, and increase security through fewer products. A company's security is only as strong as its weakest product point.”
According to Salem, Symantec has redefined the way it looks at security, and has identified five core security issues.
The first issue, said Salem, is to define risk and develop IT policies. “Assess information and processes, report, monitor and demonstrate due care, and finally fix any problems.”
Secondly, he added, look at data leakage prevention. Discover the sensitive information, and define access rights. “Enforce acceptable use, and resolve process and policy deficiencies.
“The third step is authentication. Validate the identities of users and site servers. Provide trusted connections, authenticate transactions and control access.”
Following this, he said, manage systems. “Implement secure operating environments and enforce patch levels. Automate IT processes and monitor the system's status.”
The final step is a protection suite, said Salem. “Protecting an ever complex architecture is vital. Monitor and correlate incidents. Protect e-mail and the Web. Use security endpoints and harden critical servers. And of course, back up data.”
In line with these core issues, the security giant has recast its portfolio into five suites - Symantec Control Compliance Suite, Symantec DLP & Encryption Suite, Verisign Identification and Authentication, Symantec Management Suite and Symantec End Point Protection.
Share