ABSTRACT

Enterprises around the globe are increasingly concerned about the risk of cyberthreats and the rising number of incidents shared publicly justifies their worries. In today’s economy budgets are being reduced and technology departments are being asked to cut resources. So, risk up, budgets down. The risk realities are exploited by anyone who uses the downturn in security enforcement to step up the pace of exploitation. Disgruntled employees are also walking away with valued information assets, while businesses scale back on defense in an effort to become more productive. And it’s happening at a time when an enterprise can ill afford downtime, decreased productivity, stolen data, lost sales, and a damaged enterprise reputation. This is what we call the “security paradox” or “productivity versus security.” This debate is becoming harder to implement as single-point external attacks have moved toward multisource external attacks and the model of the “trusted employee” is being eroded. Information technology’s (IT) primary purpose is to make the enterprise employees as productive, efficient, and effective at doing their jobs as possible. Laptops, portable memory, and even smart devices are part of that efficiency/productivity environment, allowing for work to get done on the train, plane, at a client site, or at an employee’s home. Now, the top IT security purpose is at odds with that primary purpose. IT security’s primary purpose is to protect company data, whether from a power outage, an inadvertent erasure, a disk glitch, or more evil efforts, such as sabotage or intentional theft. Another example, the traditional defined enterprise network perimeter around an enterprise’s information assets, is no longer realistic. The enterprise mobile workforce demands that data be portable and instantly accessible from anywhere. This negates the physical barriers designed to keep information secure.