The new security frontier
A fresh digital security model is required that is in sync with the demands of the application economy.
The application economy has changed the face of IT security; the corporate network perimeter has not only moved - it has been made redundant. The new security frontier lies wherever people decide to access your network, and that's not the only problem. Customers, employees and partners have come to expect seamless, always-on access, on whichever device or platform they're using.
Traditional IT security strategies will no longer work in this complex climate. Companies must now be able to authenticate highly distributed identities from multiple sources, while maintaining a frictionless user experience. A delicate balance needs to be struck between robust protection and user satisfaction, and this demands a new, identity-centric approach to security. This entails deploying methods that use context, behavioural analytics - with more adaptive and predictive approaches - to deliver a compelling customer experience while protecting identities and data.
Building trusted digital relationships with customers is any company's greatest asset in the application economy, and identity-centric security is the ultimate enabler in that regard.
There appears to be a clear business case for a new model of digital security, one that's in tune with the demands of the application economy, and can drive real improvements that benefit the bottom line.
In a digital world - security is the primary driver of trust
However, identity-centric security is more than an effective method of protecting data. Properly executed, it can be a valuable business enabler. It can enable companies to deliver new services more quickly. It can also boost customer engagement and loyalty, both of which depend on trust. And in a digital world, security is the primary driver of trust.
Security in the application economy
Global trends indicate that companies recognise the role security can play in today's business environment. They remain focused on the traditional goals of security, such as protecting against breaches and ensuring compliance, while at the same time recognising and using security as an opportunity to expand their businesses, and compete more effectively in the application economy.
The application economy requires a new role for security - it is now one of business enabler
Businesses clearly see IT security as a critical business enabler, as well as a way to protect data. However, many are cutting corners under the pressures of the application economy. One reported worrying trend is that many companies appear to be compromising on security to get apps to market more quickly.
Building trusted digital relationships with customers is any company's greatest asset in the application economy.
Deprioritising security in the app economy is a major risk. Managing identities and access across thousands of apps, services and devices requires a much more sophisticated approach to protecting identities and data than has been required in the past. The challenge is to verify highly distributed identities from a wide range of sources, including apps, systems, the cloud and social media platforms.
Yet this must be done in a way that's invisible to users. Customers want failsafe security and a seamless experience. Cumbersome, inconsistent registration and authentication processes will kill customer retention and impede efforts to build trusted digital relationships.
Identity-centric security is an approach that helps ensure security practices don't impinge on the overall user experience. It also requires the adoption of a more adaptive identity and access management controls, as well as taking a more proactive and predictive approach to preventing and detecting data breaches.
The digital revolution has moved - and continues to move - the IT security goalposts. It has created a multi-channel, multi-platform and multi-device world. This is a world where customers, partners and employees are always on, and expect companies to be too.
In today's app economy, customers expect fast downloads, quick access, seamless experiences, and robust protection. They'll abandon the company if its security slows them down, and may take their business elsewhere if the company fails to safeguard their data.
The traditional network perimeter is gone. People access the network whenever and from wherever they choose, and on whichever device or platform they wish. User identity - not a firewall - is now the frontier in the battle to protect data. Identity-centric security uses context, behavioural analytics and more predictive security approaches to ensure users are indeed genuine. This demands a two-way trusted relationship between the user and the business, if it is to succeed.
In my next Industry Insight, I will examine the significant business impact of identity-centric security and the role of DevSecOps.