ProductsDesktop Server OpenStack Platform For IBM POWER For IBM System z For SAP Business Applications Satellite Management For Scientific ComputingExtended Update Support High Availability High Performance Network Load Balancer Resilient Storage Scalable File System Smart Management Extended Lifecycle SupportAccelerate Automate Integrate Red Hat JBoss BPM Suite Developer Studio Portfolio Edition Web Framework Kit Application Platform Web Server Data Grid Portal A-MQ Fuse BRMS Fuse Service Works Operations Network JBoss Community or JBoss enterprise Red Hat JBoss Data Virtualization
SolutionsWhy Red Hat Why open hybrid cloud? The new IT Public cloud Cloud resource library Private cloud Infrastructure-as-a-Service (IaaS) Platform-as-a-Service (PaaS) Cloud applications and workloadsSolaris to Red Hat Enterprise Linux Migration overview Migrate from your UNIX platform How to migrate to Red Hat Enterprise Linux Upgrade to the latest Red Hat Enterprise Linux release JBoss Enterprise Middleware Benefits of migrating to Red Hat Enterprise Linux Migration services Start a conversation with Red Hat
TrainingPopular and new courses Red Hat JBoss Administration curriculum Core System Administration curriculum Red Hat JBoss Middleware development curriculum Advanced System Administration curriculum Linux Development curriculum Cloud Computing, Virtualization, and Storage curriculum
ConsultingSOA and integration Business process management Cloud and virtualization Custom Software Development Enterprise Data and Storage Systems management Migrations
Information Security Challenges are Not Going Away
December 17, 2007
by Lee Congdon, Chief Information Officer
We’ve recently seen a large amount of information in the press regarding information security and what happens when organizations misstep in implementing security procedures and systems. This problem is not going to be solved in the near term. To date, the volume of reports has not diminished public interest. We can expect to see additional incidents and they will become increasingly visible.
The problem requires attention from both technology people and their business partners.
Recent events in both the private and public sectors show that uninformed or thoughtless decisions can lead to information loss, compromise of personal data, legal consequences, and the need for immediate and expensive repair work. In many cases, the impact to the reputation of the organization is greater than the financial loss, which can be considerable.
In addition to inadvertent incidents, it has been clear for some time that malevolent parties are breaching security for monetary gain, not for notoriety. Laptops and other portable devices are stolen frequently. Spoofing and scams are used to gather passwords and personal data for impersonation and fraud. We can expect this trend to continue.
In many organizations, the solution starts with guidelines, awareness and education. Information technology professionals can help their business partners by showing them proven techniques for improving controls on their data and applications. They can also help balance the need for business value with the risk of increased sharing and access to data and applications. They can design security into systems and business processes from the beginning, rather than as a costly and fragile afterthought.
IT organizations must also work to insure that they are hardening their existing systems according to best practices. They should build controls and auditing into their applications, especially those holding confidential or private information. IT and business architectures should consider information security from the beginning.
The information security problem will require systematic investment and focus for the foreseeable future. The prudent IT organization will develop both tactics and a strategy to address the problem.