Agility is a key capability of successful organizations. Agility is the ability to quickly adapt the organization and the business model to new customer demands, innovations, and a changing competitive landscape. We live in a time where virtually all business relies on IT. Whether this is retail, finance, or life sciences – business requires IT. The consequence is, that IT has to support business agility. No IT agility = no business agility.
One of the biggest changes we are currently observing is the evolution from stand-alone to connected businesses. New collaborative business models, tighter and more flexible integration of customers and business partners, and the upcoming IoEE (Internet of Everything and Everyone) are driving the evolution of businesses. Cloud Computing, Mobile Computing, and Social Computing, the so-called “Computing Troika”, are already consequences of the business demand for agile and connected IT.
The challenge in this evolution is finding the balance between the business demand for agility and connectivity on the one hand and the IT and Information Security requirements on the other. Information Security can no longer think in terms of perimeters, devices, and system security. There is no closed perimeter anymore. Devices are under constant change. Systems might become Cloud services the next day.
The other part of the challenge is managing the users. Instead of focusing on the employees and a few business partners, there is a demand for rapid on-boarding and off-boarding of customers and business partners in changing business and collaboration models. And there is the need to on-board employees to business partner systems, to manage users in industry collaboration networks, and to manage user access to Cloud services.
Information Security in these days of the new ABC are primarily driven by two evolutions. First there is flexible user management that allows IT to manage the access of all types of users to all types of services – external users and internal users, on-premise IT and Cloud services. Having a (one!) user and access management infrastructure in place to support this change is a key success factor. This infrastructure commonly consists of a mix of on-premise and Cloud IAM.
The other fundamental shift is in what we protect. As the term “Information Security” implies, it is about securing information. In the new ABC, securing information is at the centre of attention. Technologies such as Information Rights Management allow for Secure Information Sharing.
IT that will succeed in supporting the business demand for agility and connectivity will have to move from traditional perimeter and device security towards information-centric approaches and a flexible user management for all types of users. Identity and Information are the new perimeters for security, not the firewall or the device. Rethink your IT and Information Security – get ready for the new ABC.
This article was originally published in the KuppingerCole Analysts' View Newsletter.