A moving target

In the world of e-business, security architectures must be built to address the new risks to security, capacity, performance and even survivability. Traditional information security processes and technologies (such as backup, firewalls and encryption) are improving, effective and necessary. But they're not enough.

"The environment and the technology are extremely complex, and securing them is a moving target," says Neil Cooper, senior manager of the security practice at New York-based PricewaterhouseCoopers. Furthermore, he explains, the exploits are more and more sophisticated, and the people who are conducting the exploits are becoming more and more sophisticated.

As a result, protecting systems and data requires an increasing and continuous level of sophisticated monitoring and testing.

Security is a process, the experts say. No computer security product, or suite of products, exists "that acts as a magical security dust, imbuing a network with the property of 'secure,'" according to cryptologist Bruce Schneier, author of "Secrets & Lies: Digital Security in a Networked World" (John Wiley & Sons, 2000).

Security is about risk management, he says. "Detection and response (are) just as important as prevention, and reducing the 'window of exposure' for an enterprise is security's real purpose."

"You need to protect your perimeter," says Ken Tyminski, vice president and chief information security officer, The Prudential Company of America, Newark, N.J.

And understand what your perimeter is, he adds. "The old perimeter of the door on the front of the building has rapidly changed in this environment, as well as in your network environment."
