Worlds Colliding
How the consumer landscape and the modern enterprise model are changing security
- By Jeremy Brecher
- Jan 01, 2013
There’s no question that the 21st century has brought significant
change to security solutions. An abundance of connectivity options
and the application of technologies—such as IP, virtualization, hosted
solutions and mobile—are enhancing the way we secure the enterprise
and helping to improve security. Each of these technologies
plays a distinct role in the security environment.
As we stand at the threshold of 2013, technology’s impact on our industry is becoming
even more far-reaching. While the first decade of the century was focused
on pinpointing specific applications for technology, such as the use of IP for the
delivery of video, what we do with technology during the balance of the second
decade has the potential to transform the entire security enterprise.
The Collision of Consumer Behaviors
and Professional Practices
What’s driving this broader application of technology has much more to do with
what is happening outside the security industry than what’s occurring within it.
It has to do with the collision of our consumer behaviors with our professional
practices. At the same time, technology is rapidly changing what is possible, and it
is changing what we—as consumers—expect and prefer.
What do our consumer personas expect? We expect more tools and more mobility.
We expect quick, frequent updates. We expect a unified experience from device
to device. We expect the highest level of connectivity to our communities via
platforms, such as Facebook and Twitter. In short, we expect to have on-demand
access to what we need, when we need it and where we need it.
Increasingly, we’re getting that access through the use of mobile devices. In
fact, according to CTIA—The Wireless Association there are more than 270 million
mobile subscribers in the United States. More than half of those subscribers
use smartphones, according to comScore MobiLens. Professionals are even more
likely than the average consumer to be avid users of mobile technologies, both at
home and on the job.
All of these expectations are bleeding into our professional worlds like never
before. It’s transforming the way we do business and the way we will implement,
deliver and manage security in the future.
The Collision of Enterprise Systems and Security Operations
All security operations are part of a larger enterprise. Security is intersecting with
the broader organization like never before. Similar to the consumer landscape, the
technologies that drive the enterprise are rapidly transforming, and there’s an expectation that all facets of the organization, including
security, will take advantage of those technologies to
achieve a more interconnected business environment.
Where can we find evidence of this transformation?
We can start with the machine-to-machine
(M2M) movement. In an M2M model, business networks
no longer require a central hub to communicate.
Instead, both wired and wireless machines talk
to each other in real time. This model enables more
rapid communication with a new category of devices.
M2M holds real promise for the security industry, in
which communication and information are critical to
risk mitigation and life safety.
We also see the transformation in the rise of cloudbased
enterprise solutions. Salesforce.com is just one
example. The customer relationship management
(CRM) platform takes the management of a company’s
relationships—with customers, partners and employees—
into the cloud. Users can automate sales assets,
manage communication and push out campaigns
using a single, Web-based portal. They no longer have
to purchase and manage hardware and software because
they subscribe to access the platform’s capabilities
via the cloud.
Microsoft is writing the next chapter of this enterprise
scenario with its Office 365 and Azure, a cloudbased
platform also available via subscription. The
platform enables the sharing of files internally and
externally and takes enterprise-level services, such as
email, video conferencing and instant messaging, into
the cloud. Plus, it allows organizations to leverage
Microsoft’s vast infrastructure to expand bandwidth,
simplify administration and make assets like corporate
email available from any device.
Just as rapidly as these enterprise-level solutions
are evolving, so too are solutions that simplify specific
tasks. Professionals can use applications, such
as Evernote, to convert files to multiple formats, exchange
information from person to person and make
notes or lists. Because the information is stored in the
cloud, it can be accessed from multiple devices, such
as a desktop or mobile, via a single user interface.
While these examples are game changers in terms
of what the systems can do on their own, they have
even more value when they’re used together. Each
solution—salesforce.com, Office 365, Azure and
Evernote—was engineered for collaboration. They
work together and can integrate with other enterprise
systems to provide more intelligence and build value
beyond their core purpose. The key takeaway is that
solutions and enterprises are getting smarter, allowing
us to communicate and collaborate more easily and
frequently. As a result, the enterprise is more cohesive
and interconnected.
The Tipping Point
Indeed, the collision of consumer behaviors and professional
practices, including enterprise systems and
security operations, has brought us to a tipping point.
We no longer have the luxury of taking a wait-andsee
approach to understanding how technology will
play out in the security space. We must get ahead of
the trends to quickly understand how they apply in
our environment. If you need evidence that the timeline
to technology adoption is shrinking, take a look
at the evolution of consumer technologies. It took 50
years for the telephone to go mainstream and 25 years
for most homes to get the television. Mobile phones
and personal computers weren’t widely adopted for
13 years. In contrast, the Apple iPod® took just three
years to become ubiquitous. Apple’s iPad needed a
mere 18 months. Today’s technologies are the pinnacle
of usability, and that usability has encouraged consumers
to embrace them more rapidly than ever before.
If we want to keep security viable and prove it’s
a worthwhile corporate investment, we have some
catching up to do. There’s tremendous pressure on
the security industry to shift the model to better align
with the consumer landscape and the enterprise approach.
To do that, we need to make security more
adaptive, more connected and more mobile. We need
to explore the cloud and take advantage of subscription-
based services. We need to unify the experience
from device to device. We need to provide the kind of
on-demand access today’s users demand.
A New Security Model
This is the model that’s going to drive real change
in our industry. As professionals, we’re beginning to
expect the same usability and interoperability when
we’re on the job. And we’re more likely to quickly embrace
technologies that have the potential to add efficiency
to how we do business.
As security practitioners, we have a decreased appetite
for disparate platforms that don’t communicate.
We’re looking for security systems that afford us the
same opportunities for integration as our consumer
platforms or our companies’ enterprise systems. Today,
security end users are looking for ways to tie together
their entire security operation, whether they
have one site or many. Increasingly, they’re seeking
partners that can provide online gateways to three of
the things that are most critical to security: information,
collaboration and control.
Smarter Security
Delivering information, collaboration and control
requires smarter security devices and applications.
We must create true open-architecture, Web-native,
services-based tools that allow for control of nonsecurity
elements such as critical equipment, as well
as information such as business intelligence. This approach
will not only lead to better visibility, it also will
enable more stakeholders throughout an organization
to recognize the value of security and be compelled to
make an investment in it.
For example, a video solution that’s leveraged
to tell a facilities department what times of the day
a corporate campus experiences the heaviest vehicle
traffic could enable more effective parking planning.
As a result, the department might be more likely to
contribute a portion of the budget for that solution.
In this scenario, stakeholders outside the security operation
derive a clear return on investment from what
was traditionally seen as a security function. This
visibility extends the value of security to other influencers
within the organization, and it leads to richer,
more valuable collaboration.
Smarter Security Providers
The new security landscape requires more than just
smarter devices and systems; it also will demand
smarter security providers.
As we begin to realize Security 2.0, it’s no longer
just about the implementation of equipment. It’s about
aligning people, processes and technologies to enable
richer collaboration and more meaningful information
across departments, sites and organizations. We
first saw this type of collaboration in the conception of
homeland security—another force that forever changed
the security industry. Enhancing the protection of
our nation has required unprecedented collaboration
among local law enforcement, first responders, government
agencies and security providers. To improve security,
these entities have done more than just embrace
new technologies, they’ve also aligned processes and
facilitated better communication and coordination of
people across multiple organizations.
The elite security provider of the future will elevate
this approach. The technologies to enhance communication,
mobility and collaboration already exist.
Now, we must leverage them to build a unified platform.
We must use the platform to achieve a cohesive
enterprise, providing a common view of more systems
and bringing together more sites, from headquarters
to data centers, field offices to partner locations. We
must support the platform with common practices
and coordination with people both inside and outside
of the security operation. As the primary source of
integration and monitoring, security providers are
uniquely positioned to drive this change. And the elite
security provider will be adept at weaving together all
of the internal and external elements to deliver smarter
security and more informed enterprises.
A New Way to
Practice Security
How will all of this translate into the
security space? Most importantly, it
will lead to the acceleration of platform-
based solutions for security management.
By creating true open-architecture,
Web services-based portals, we
will enable end users to manage every
element of their security operations—
intrusion, fire, video and access—using
a single tool. That tool will become
pervasive in all we do, and it will enable
more intelligence relative to the security
operation and the broader enterprise.
This concept is not unlike the consumer’s
use of platforms such as Facebook.
The Facebook infrastructure
is a conduit to countless elements of
a user’s community, from the brands
the consumer likes to the applications
he prefers. Multimedia lives—and can
be shared—through the Facebook interface.
And other online tools, from
Pinterest to online gaming, Twitter to
Spotify, can all be integrated within the
Facebook platform.
It also is similar to what we see at
the enterprise level with platforms such
as salesforce.com, Office 365, Azure
and Evernote. All of these tools have
distinct roles while inherently intermingling
to enable rapid communication,
more streamlined administration and a
higher level of business intelligence.
By leveraging the responsive design
that has become so prevalent in the
consumer environment, along with
the collaboration that is evolving the
enterprise, Security 2.0 can provide
end users with the ability to uniformly
access and manage their security platforms—
regardless of whether they’re
using a desktop computer, mobile device,
web browser or application. In
the long term, this new way to practice
security will do more than improve
interoperability and enhance security
management. It also has the potential
to lead to a more predictive model,
enabling us to better anticipate security
threats and manage maintenance
needs. It provides gateways to big data,
allowing us to take a more holistic view
of operations to analyze relationships
between systems and produce more actionable
insight that can improve our
businesses.
A Modern Paradigm
The collision of our consumer, enterprise
and security worlds will ultimately
help us better protect our organizations.
And it will result in incremental gains
in operational efficiency and long-term
improvements in return on the security
investment. By creating smarter
platforms that mirror the way we interact
with technology as consumers
and emulate enterprise-level interoperability,
we will establish a modern
paradigm for security. A paradigm that
drives meaningful collaboration among
people, processes and technologies. A
paradigm in which security isn’t just
part of the cost of doing business, it’s a
critical function that adds value across
the organization.
This article originally appeared in the January 2013 issue of Security Today.