IT360 – Four risk categories and how firms can respond


While enabling novel ways of interacting and conducting business, pervasive connectivity is also heightening the risk factor for many organizations, warns one industry insider.

Collaboration is taking many forms, noted John Magee, vice-president of product and services marketing at Symantec Corp. during his keynote at the IT360 conference in Toronto on Wednesday.

They include outsourcing, joint research projects between multiple companies, and several other initiatives – all supported by technology.

These projects – despite their potential – also carry some risk, he said. “At some point in time, organizations became so dependent on IT systems that they can’t live without them.”

According to Magee, risk has also been intensified by increasingly complex IT infrastructures — the result of multiple systems, new technologies, and consumer technologies moving into the enterprise.

Magee identified four principal categories of risk:

• Availability risk, he said, affects the protection and accessibility of data in the event of a disaster.

• Security risk relates to continually morphing internal and external threats.

• Compliance risk pertains to internal IT governance, regulatory compliance, and the ability of companies to protect data and make it accessible in the event of litigation.

• Performance management risk affects an IT organization’s change management capability in the face of new opportunities that support business objectives.

Organizations should assess these types of risk holistically, and devise a strategy to eliminate them, while improving overall IT performance, Magee said.

He rued that risk management is often an afterthought addressed in a disjointed manner.

“The opportunity is to understand risks to your IT environment, and then be able to tackle them not piece-meal, but in a systematic way that spans across all of your applications and initiatives.”

The approach he recommended: standardize then automate IT processes.

Doing this, he said, will effectively get rid of fragmentation, and lack of repeatability that foster risk.

Magee further identified six key process domains “ripe for automation”: security, IT compliance, information management, storage, IT operations, and business continuity.

“If you think about security, [for instance], information flows through an organization. You need to deal with it as it goes from database, to someone’s desktop, and sent out over e-mail.”

Magee described key elements of the evolving threat landscape.

He said collaboration has spawned new business models and a multitude of endpoints that need to be secured.

These include mobile devices that can access corporate networks and serve as storage devices for data theft, said Magee.

Other endpoints are the laptop, desktop, and application, messaging, file and database servers.

User mobility, itself, is pushing the physical boundaries of the enterprise, in that demarcation is now wherever the user is connected, be it a coffee shop or home.

“People are now the new perimeter. It’s not just about a corporate firewall.”


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now