Caution Against Over-Regulation of the Borderless Cyber Enterprise

Security | 2 minutes read | Sep 20th, 2011

I recently spent some time with Gholam Sheibani. He is one of Unisys’ key subject matter experts in security. We had an interesting discussion around over-regulating in this new cybersecurity space across large enterprises and governments. Gholam’s experience warns us about some pitfalls in jumping head first into policy definition that leads to an unworkable lockdown strategy regarding cyberstrategy.

[Sowmya Murthy] Gholam, as a security practitioner, what does “Borderless Enterprise” mean to you?

[Gholam Sheibani] Few would contest that borderless enterprise (including government agencies and non-profits) ends organizational rigidity, enhances agility and collaboration and communication in its “ecosystem” (employees, contractors, partners, suppliers, customers, etc).

[Sowmya Murthy] Why do you think there is such importance placed on organizational borders now?

[Gholam Sheibani] Globalization mixed with changes in our social culture (media and social networking); global economic volatility; and shifts in customers’ needs and expectations make embracing the notion of borderless enterprise – or at least some form of it – a necessity for organizational sustainability and even survivability.

[Sowmya Murthy] What will it take for an organization to make this necessity a reality?

[Gholam Sheibani] My expectation is that the evolution to becoming a true borderless enterprise is a long multi-year journey down a very bumpy road that travels across every department of an organization with long stop-overs and delays in technology and security departments. Furthermore, it requires a strategic approach instead of a tactical one.

During this journey, one should make sure that there is no formation of “Sclerosis.” To me that means stagnation, overregulation, and creation of more rigid, artificial borders.

[Sowmya Murthy] You make a great point on over-regulating the cyberspace. How do we start the journey?

[Gholam Sheibani] That starts with:

  1. Management buy-in, support, and empowerment;
  2. Revisiting the enterprise design;
  3. Creating a secure borderless technology infrastructure – SOA with “loose” integration – as a borderless enterprise without it would simply not materialize; and,
  4. Having a holistic approach to enterprise security (vs. siloed).

Lockdown strategy from the IT department simply won’t work, will it?

There is no room for inaction and resistance is futile.
