New Opportunities - Security management is often viewed as being equivalent to "keeping the bad guys out". In cases of viruses, hacker attacks and unauthorized access attempts, this is precisely the goal. However, one important (and often unappreciated) benefit of integrated security management is the enablement of new business initiatives, and the strengthening of existing ones.

Effective security management provides the infrastructure on which you can more easily grow your business. It also strengthens the relationship with existing customers and partners, thereby creating a sales opportunity for additional products and services.

Challenges

Inflexible Infrastructure - Economic pressures are forcing organizations to adapt to the changing environment. IT security needs to evolve to enable them to face these new circumstances. For example information security can enable improved integration between suppliers and customers and allow common access to data in a safe environment. Mergers and acquisitions expose a strong need to rationalize processes and IT services to get the expected returns. Identity and access is deeply embedded in business process and there are real gains to be made by adopting best practice and the correct technologies. Organizations are also looking to save costs by outsourcing, but as well as providing savings this also brings new security risks (e.g. the risk of data being lost or misused and needs to be mitigated using information security techniques).
Improving Service - Customers, partners and employees often find it hard to access the information and applications that they need for the business to grow and prosper. Customers and partners have concerns over data leakage and these concerns restrict new business initiatives. The processes for administering identity and access are often manual and do not provide a service that matches the demands of the business. With manual administration, it can take days to get access rights set up for a new hire or to change the access rights for an existing employee moving jobs.
Managing Operational Risks - Operational risk covers aspects such as processes being vulnerable to theft, fraud, disruption or mismanagement. Better management of the way in which employees, partners and customers are identified and their access controlled and audited is important to mitigate operational risks. Although hacker and virus attacks are well publicized, the insider remains the greatest threat to an organization in terms of potential to cause financial loss. Organizations need to evolve their identity management to better manage these changing risks.
Sustainable Compliance - A further aspect concerns compliance with regulation and the law. Managing who is able to access what information is critical to complying with the broad range of governmental regulations relating to financial reporting, security and privacy of information that have evolved over the years. The cost of compliance is high and manual processes are not a viable long term option. Organizations need to be able to automate their security management processes to ensure sustainable compliance.

Security Management as a Business Enabler

Business Continuity - Since organizations are critically dependent upon their IT systems to operate, any improvements that can be made here can have a positive impact on the business. Equally any loss of these systems due to security issues can have a severe negative effect. For example, a bank in the Middle East suffered a failure of the system which allowed their staff to authenticate to the IT systems and was unable to process customer transactions for 24 hours.
Customer Service - Today, security management is no longer just about securing the perimeter and managing employee access, it is about understanding customers and providing them with the personalized services that they need, reliably securely and when they need them.
New Customer Acquisition - Every organization wants to grow their business. This can be done by selling more stuff to existing customers, but expanding the business to new customers is also a critical element of long-term growth. Therefore, any organization must be able to introduce new and often online products and services quickly and painlessly.
Strengthening Existing Customer Relationships - Customers are fickle. One critical way of keeping customers happy and loyal is to provide them with an excellent experience every time they have to interact with the company for any reason. Their experience consists of the totality of all their interactions with the company, but their web site experience is possibly the most important.
Easy access by staff and partners to IT systems remains a problem for many organizations with forgotten passwords representing a major load on their help desk. One of our customers used CA products to provide simplified sign on to 300 applications. This reduced password related help desk calls from 30% to 8% and saved more that $1 million. It also increased employee satisfaction to 81%.
Enhanced Business Credibility and Customer Confidence - In business, especially in financial services, it's often true that the most important corporate asset is the corporate brand and reputation. Public knowledge of security breaches can have a dramatic, and sometimes catastrophic, effect on the willingness of the public to do business with you. Individuals are increasingly making decisions based on their perception of trust. In September 2007 a study showed that concerns over identity theft is changing online behavior and reveals which types of organizations the public trust to protect their personal details. For example, while 60% of respondents answered that they would trust their bank to keep their personal data secure, only 25% would trust the government.
Hence the protection of data and applications is not just a burdensome requirement but a financial imperative for organizations. In fact, IT security has become an indispensable business tool that enable new and more effective ways of doing business with confidence in the internet age.
New Partner Business Models and Opportunities - One of the biggest challenges to the creation and expansion of robust customer/partner eco-systems of all kinds is the lack of strong, consistent security across these environments. Many organizations would like to tightly integrate suppliers, distributors, outsourcers and other marketing partners into a unified IT infrastructure that allows members of one organization to securely access the applications and information of another organization. For example, instead of delivering pricing information and technical support documentation as paper, allow resellers and partners to access your systems directly via the web. This means securely opening up access and you need to be able to do this without creating an unsustainable administration load.
Increased Business Agility - The area of security management that is most important in improving the ability to react to industry events quickly is a comprehensive, centralized identity and access management system. A fully deployed identity and access management (IAM) platform allows an organization to more easily and quickly react to growing user populations, requirements for new applications and changing business requirements or models. This provides greatly increased business agility, and will position the company strongly to react quickly to changing market conditions.

IT Security Is Now Business Security

IT security needs to be considered in the context of the whole business rather than focused on a specific technology or process. The security team in an organization should engage with the business stakeholders to focus on how the business can leverage information security as an asset. Organizations depend critically upon IT to exist and IT security is becoming more about managing business risk than just operational risk. IT security needs to be viewed within the bigger picture of aligning IT infrastructure. The objective is to unify and simplify the processes and the technology to better meet the needs of the business to increase agility and reduce cost while complying with the increasing regulatory burden.