Identifying Corporate Pain Points
Do you know which security areas cause potential customers the most corporate pain?
There are many different “Pain Points” that make a business vulnerable. Understanding what they are is the first step towards solving them. Even more importantly, demonstrating where innovation can help address Pain Points will better contextualise new technological innovation. This is what potential corporate champions should and will demand.
Some of the key Pain Points that security-related innovative technology should address are reflected in the ISO 17799 IT Security Techniques Code of Practice, including:
• Risk Management
• Access Control (including Identification, Authentication and Authorisation)
• Logging and Monitoring
• Networking Technology
• Operations and Infrastructure
• Awareness, Education and Training
• Organisational Security
• Asset Management
• Personnel
• Physical Security
• Business Continuity
• Legal and Compliance
Risk Management is a serious area of vulnerability with a whole host of factors that need to be taken into account. These include, but are certainly not limited to:
• A deperimeterised environment
• Lack of interoperability
• Preserving reputation
• Security awareness among end users and staff
• Digital immigrants vs digital natives
• Balancing risk-taking with being risk-averse
• Mitigating risks of remote and home working
• Converting technical metrics to business metrics
• Securing VoIP
• Data sharing
• Handling legacy systems
• Intellectual property rights
The industry needs innovation that helps businesses manage risk better, whether that is by addressing a threat (such as impersonation or accidental loss of data), closing vulnerabilities in existing technology and processes, or improving the risk-assessment management process.
It seems obvious, but it is also important that innovation does not increase the levels of risk involved. Information must be secure, with appropriate access levels and protection from malicious damage. Procedures must also be in place to ensure that the business is able to continue effectively when information is lost or destroyed.
It is also important for Innovators to consider the various external pain points that a company must deal with:
• Regulatory pressure
• Global governance
• Security/compliance of third parties
• Trend towards organised crime on the internet
• Tracking external dependencies
Understanding what all these Pain Points involve and what they mean for IT Innovators will go a long way towards addressing the classic confidentiality/integrity/availability threat scenarios faced by corporate champions. And this is absolutely imperative if industry adoption is to take place.
[We wish to thank Dr David King, chairman of the Information Security Advisory Forum, for his important input into this section (drdavidking@theiet.org)]
