IT security as a business enabler

What do we mean by business-enabling IT security? It has been our experience that information security is too often an obstacle to innovation projects. But security should really be seen as a step to unlocking new business potential. For example, an online payment system like PayPal is possible only because the problem of fraud was solved. Document protection systems enable electronic workflows that would not have been possible before; and being able to provide adequate security and data protection for cloud services means that companies can start to take full advantage of the benefits of cloud computing. 

We have seen various examples of technocratic IT security, such as E-banking authentication methods with reasonable security but poor usability. Security architecture is often built like a fortress, but if new Internet services need to be offered or B2B communication between services enabled, such security can prove too rigid.

E-banking authentication faces new challenges. mTAN is a good example of a convenient and secure solution, but with the increased use of smartphones for mobile banking, these devices are appearing in the crosshairs of attackers. Using mTAN in combination with mobile business services and phones is not a good idea. The search for next-generation authentication mechanisms – considering the trade-off between security and convenience – is ongoing. Acrea has developed its own methods for analyzing risks and mitigation measures in E-banking authentication that can help with this endeavor.

Security architectures need to be built for the future. They need to embrace ongoing and future trends, such as the diminishing boundaries between the Internet and the Intranet, social media and the mobile Internet. These trends require new ways of providing IT security. Companies should base their security architecture on building blocks, where new blocks are designed and added over time. For example, in order to enable business or operation optimization, such as outsourcing, security needs to provide building blocks for data anonymization, remote software development and testing infrastructures. Designing and building such blocks is a huge challenge and requires a great deal of expertise.

Acrea has a lot of experience in defining security architectures and developing modern building blocks, for example in the areas of usage control and online authentication. We can show you how to overcome security-related obstacles and to employ security as a business enabler.