Information Integrity: Keeping Your Business Up, Running, and Growing

Information is the fuel of your business. Everything about your company -- product development, sales, customer relationship management, marketing, competitive analysis, investor relations, policy compliance, finances, human resources -- exists in and is managed through your information system. In a very real sense, your information is your company.

At the same time, it’s fair to say that how you protect, manage, and put information to work is the key to your business success. However, in order to put your information to work, it must be available, and making information available increases the risks to it. The fact is, you can’t make your information both 100 percent available and 100 percent secure. Instead, you need to define and maintain an appropriate balance.

But achieving this balance between information availability and information security has proven to be a complex and contentious IT challenge. On the one hand, IT departments have pursued information availability, using tools to make information accessible to the ends of the earth in support of companies’ business goals. Security groups, on the other hand, have worked to provide information security -- that is, to make information inaccessible except to the people who need it.

Needed: a resilient infrastructure
So how does information integrity allow organizations to maximize security and availability? The short answer: by providing them with a resilient infrastructure. A resilient infrastructure recognizes that information security and information availability are much more effective when addressed together instead of separately. This means that IT and security groups use the same tools, speak the same language, and work from the same base of information. It means the blame game stops.

Specifically, a resilient infrastructure combines advanced administration tools -- patch management, provisioning, installation design, license and asset monitoring, backup, recovery, and reporting -- with expertise in early warning systems, intrusion detection, firewall, virus protection, content filtering, compliance assessment, vulnerability assessment, and VPN. The result is that an enterprise is better able to understand, act, and control.

Understand means knowing what you need to know about your information environment, both inside and outside your organization. It means being aware of electronic threats emerging anywhere in the world before they reach your organization. It’s about identifying possible regulatory compliance issues, assessing the effectiveness of security and administration tools, and constantly monitoring the status of hardware, software, information, and other network assets anywhere in your enterprise.
Act is about responding successfully to both vulnerabilities and new business opportunities. It’s securing devices, applications, and networks against threats before they happen. It’s taking steps to be sure information is up-to-date, compliant, and restorable. It’s confidently integrating new technologies – such as wireless devices – to extend your competitive advantage.
Control is about managing information resources to prevent disruptions and minimize downtime. That means provisioning new applications, managing software patches, and taking other steps to keep your enterprise up, running, and growing.

Addressing today’s business challenges
When information is readily available and trustworthy, you can more confidently combat online fraud, one of the most serious threats facing today’s enterprises. The past year has seen a dramatic rise in so-called phishing attacks, which seek to dupe recipients into disclosing personal financial data such as bank account numbers, PINs, and passwords.

Information integrity also helps enterprises take a proactive approach to regulatory compliance. Today’s enterprises are under unprecedented regulatory pressure -- the governance requirements of Sarbanes-Oxley, the privacy requirements of HIPAA, the homeland defense measures of The USA Patriot Act, the European Data Protection Act, the Basel II Accord, the new e-commerce laws passed in over 40 countries around the world, not to mention FISMA, GLBA, and NERC. This regulatory climate requires CIOs to implement policy, process management, monitoring, audit, documentation, and reporting solutions that can ensure accountability, transparency, and compliance. Failure to comply can result in lost business and customer confidence, in addition to financial and legal liability.

Conclusion
Information is your most valuable corporate asset, and when it flows freely and securely it can change the nature of your company. The ability to confidently deploy and use information can drive innovation, lower costs, increase customer satisfaction and loyalty, improve profits, and provide competitive advantage.

Never before has the challenge to be competitive placed so much pressure on enterprises. In that light, information integrity is the best way to keep your business, up, running, and growing -- no matter what happens.

(This is an excerpt from www.symantec.com)