Security is a feature that needs to be present within each layer of the stack. Security, needs to permeate all layers of an IT solution stack. IT security isn’t a discrete category – it is a ubiquitous factor in all aspects of IT/business infrastructure.
The most important IT-related development in 2018 and beyond will be a focus on connectedness – connected cloud, edge, applications, security, collaboration, workspaces and insights. Internet and the web are the navigation routes that we have been developing since the 1970s; the always-on, everywhere-connected Interwork© platform is the destination that we will be creating in 2018 and for years to come. Please read Future of Work - Interwork: the next step in connected businesses
If there is an evident downside to ubiquitous and constant connectivity, it’s security. In conventional IT environments, security followed a ‘castle keep’-type approach: IT security staff gathered all critical information assets at the core of the environment, and focused their resources on hardening the perimeter, in much the same way that ancient castles used a moat and wall to safeguard people and assets within a central tower.
Today, of course, nations do not use castles as fortifications – and in truth, the traditional approach to security is scarcely better attuned to contemporary IT security needs. With the rise of mobility, cloud and connected supply chains reaching from component suppliers to OEMs to distribution and consumers, there is no perimeter to harden; any sizeable enterprise will have literally thousands of shifting entry points capable of accessing one or more corporate systems. And the rise in the value of information has spawned a sophisticated cyber theft industry: ‘bad actors’ use many different types of tactics and advanced technology to infiltrate corporate IT environments, with an eye towards stealing customer credit card data or internal financial or engineering information, hijacking corporate IT resources or obtaining some other form of benefit.
Security is the most amorphous of IT market categories. Virtually all other technologies occupy a defined position within the solution stack. Today’s security strategies no longer resemble a ‘wrapper’ around assets – they are built into each element of the corporate IT stack and rely on connectedness to (as the NIST framework recommends ) identify threats, protect against attacks, detect intruders if/when they breach perimeter defenses, respond to security events, and recover information lost to theft, loss and/or malware.