Security professionals used to protect their organizations from cyber threats by building fixed network perimeters that mirrored the physical boundaries of their data centers, industrial operations, and state borders. This model worked in a world of tethered workstations, physical servers and limited travel, where trusted access was granted based on where users were, not who they were. Back then, we’d login to workstations for an eight-hour day, check account balances at the bank branch and sometimes travel to different countries with just a passport to vouch for identity.
But over time, network, device and country perimeters began to disappear. Users became increasingly more comfortable with personal data in the cloud and expected to access it through untrusted devices such as mobile phones, ATMs and airline kiosks – from anywhere around the world.
With increasing demand for the free flow of data to conduct daily life, businesses and governments were forced to rethink how they made data and systems available. They realized that fixed perimeters, preventing employee, consumer and citizen access to data, put them at a competitive disadvantage. But they also understood that exposed data and systems were vulnerable to sophisticated cyberattacks that could steal valuable assets, tarnish reputations and wage war.
For security professionals, protecting the critical became a boardroom concern of how to increase productivity without putting the organization at risk. Security vendors that had no insight into the business goals and missions of their customers applied granular policies that attempted to balance protection with access. This approach failed because it didn’t scale. It failed because trust was tied to the device, not the user. It failed because operationalizing security across organizational silos is near impossible. And, ultimately, it failed because generic security policies result in arbitrary rule sets that are only appropriate for the generalized masses.
To address dissolving perimeters, security professionals need a new approach. A security approach that protects the critical assets as defined by the value of data, systems and users assigned by the organization based on business goals. This approach relies on security solutions that scale from small businesses to large nations. It focuses on defining digital trust based on the identity of the user, not the device. And it is based on a strategy that can be operationalized effectively across an organization.
By partnering with trusted advisors that work to understand the unique digital transformation needs of each organization, security professionals are able to define strategies that protect the critical while empowering users to excel in their endeavors through the free flow of data. Unisys Security Solutions combine software, consulting and managed services to address our customer’s need to protect the critical. Learn more at https://www.unisys.com/business-drivers/security-transformation.