At last week’s Kaspersky Labs Analyst Summit, Chief Marketing Officer Alexander Erofeev said that for 2013 the phrase “protecting who you are” would be the theme for the company. This made me pause and think about “who you are” means. Of course, as an Identity Management analyst my first thought was that it was identity, and identity attributes, that Erofeev was talking about. But further reflection (and the rest of his presentation) led me to understand that it’s really Information Stewardship that the company is leaning towards – even if they don’t use the term.
For the corporate entity, “who you are” encompasses all of the data – both structured and unstructured – that makes up the information that not only constitutes the wealth of the organization but also the identity of the organization. Think, for a moment, about those enterprises you know and “who they are”. How do IBM and Apple differ? Mercedes and KIA? Lufthansa and Air France? Sure, corporate identity owes a lot to marketing, for how a company wants to be perceived, but beyond that marketing we still form impressions about the organization based on the data we gather from non-marketing sources.
Personal data, intellectual property and non-public information (financial information, mergers and acquisitions data, executive communications, legal and regulatory matters, etc.) taken together make up a large part of the “who you are” for the organization. Protecting it is just one part of Information Stewardship (for more on the broader topic, see the KuppingerCole Advisory Note: “From Data Leakage Prevention (DLP) to Information Stewardship”).
Of course, the best way to protect who you are according to Erofeev is to install the full suite of Kaspersky products, which they bundle as “Kaspersky Total Security For Business”. This includes:
- Anti-malware
- Firewall
- Cloud-assisted protection via Kaspersky security network
- Application control
- Application whitelisting
- Web control
- Device control
- File server protection
- Mobile device management (mdm)
- Mobile endpoint security
- Encryption
- Systems configuration and deployment
- Advanced vulnerability scanning
- Network admission control
- Patch management
- Mail server security
- Web / internet gateway protection
- Collaboration server security
That certainly appears to be comprehensive. And “comprehensive” was the point that Kaspersky Chief Product Officer Petr Merkulov was trying to make when he said that companies who use security apps from many different vendors risk leaving open cracks for malware to slip thru; that with a comprehensive solution through a single management console, bad things were less likely to happen.
This, of course, resurrects the age-old dichotomy – what’s better, an integrated suite or a group of “best of breed” solutions? It was in 2004 that I wrote “the argument will always rage as to whether it's better to purchase best of breed products from several vendors or a homogenous suite from a single vendor.”
I’ve generally come down on the side of the tightly integrated single-vendor suite offering. As I pointed out at the European Identity and Cloud Conference in 2011, you need the services assembled in a seamless way so that there are no holes and so that it Just Works. You need this, of course, because almost all of the data breaches we see involve holes in the system, poor connectivity of security and protective services or took advantage of manual procedures to evade policy. Additionally, during that same conference, I discovered through feedback from the attendees that the "Best of Breed" label may be on its last legs. The problem is that no one can agree on what's best. As someone said, if there really could be an objective "Best of Breed" then we'd only have one religion and one political party! Instead, attendees seemed to coalesce around the thought that what was important was that they have the services that they perceived were the ones they needed. Interestingly, though, the folks who gave me feedback also said that the number of vendors delivering these services was irrelevant. More vendors require more diligence on the end user's side to be sure that everything works together seamlessly with no holes, but the benefit of getting the right services outweighed the benefit of a single vendor providing better connectivity and "fit."
So it’s not a question of having the “best” (whatever that means) anti-malware coupled with the best mobile device management coupled with the best patch management, etc. What you need is apps and services covering all the important (to you) areas without holes for bad things to slip through. A solution like Kaspersky’s makes this easier, as they cover many different areas in a single suite, but that doesn’t mean that some other suite (or even stand-alone services) couldn’t form the basis of the security part of your Information Stewardship. After all, Information Stewardship is about much more than security so, of necessity, there will be multiple vendors represented in the products and services you’ll be using.
Nevertheless, when assembling the tools for you Information Stewardship toolbox, you won’t go far wrong by including Kaspersky’s Total Security for Business.
Information Stewardship and Information Security are just two of the themes for this year’s European Identity and Cloud Conference (EIC 2013) coming in May. If you aren’t registered yet, what are you waiting for?