To date, the security architecture of many companies resembles a medieval city wall: IT systems are sealed off with a protective barrier (firewall) in a more or less circular format. Entrances and exits are guarded more or less heavily. And this works - as long as there is only a little traffic. Nevertheless, nowadays hermetic sealing is no longer possible or effective. In order to simultaneously achieve security and digitization, more intelligent, comprehensive concepts for enterprise security are needed, with all of this being entrenched in the overall strategy of the company.
In the digital age enterprise security is flexible and dynamic
The Internet has ushered in the age of "Everything Everywhere". Customers' expectations have also adapted. Being close to the customer has hence become a significant success factor for companies. On the one hand, this applies to the front-end towards the customer. For example, when order systems must be made available for mobile devices via apps within just a few weeks. On the other hand, there must be capacity to dynamically set up business processes in the back-end corresponding to market demands.
This can no longer be achieved with inflexible legacy IT. Instead, companies must transform their IT so that, for example, they can obtain resources from the cloud on demand, without endangering enterprise security. The Corporate Governance and Corporate Risk Management departments must be included in this. An additional major challenge in this respect is to embed existing processes into enterprise security management (IS MS – Information Security Management Systems).
Corporate security requires strategic predominance
This requires an individual security analysis, e.g. with the help of the Advanced Cyber Defense (ACD) solution. ACD not only delivers results that allow you to derive a suitable security strategy but also provides reports about security incidents that must be "approached" in accordance with the enterprise security strategy. ACD also offers tools that support the security strategy processes. In short: ACD is an architecture that can be integrated into an enterprise security strategy.
Example: The Next Generation Security Operation Center is the heart of ACD. Here, experts collect information about all relevant attack scenarios. They examine the protection needs of individual corporate values and analyze the IT systems in regard to their potential for danger. In addition, the Security Operation Center (SOC) experts analyze the motives, methods and tools of potential attackers. This helps companies recognize relevant scenarios that could endanger enterprise security even before they are used.
Just as important as early detection of attacks on enterprise security is preventing access to systems and applications by unauthorized persons. Role-based access methods for digital identities in the network are needed for this, for example. This is mirrored in solutions such as the Telesec Chipcard Operating System (TCOS).