A managed program model is a powerful way to provide IT services related to security. By making sure that there is a dedicated team or individual coming into a business on a regular basis to monitor security, upgrade systems, and install patches as needed, a business can have greater confidence in its overall risk management strategy.
Robert Haas, the head of application strategies for the public sector division of HP, sees the need for businesses to continue using existing security strategies even as they implement new ones that will address both current threats and those likely to arise in the future. "With the recent publicity around some high-profile security breaches and cyber attacks... We're seeing an increased focus on some of the traditional approaches, as well as some new techniques that are being used to approach newer technologies as they are being introduced into the environment."
According to Haas, traditional strategies include approaches such as defense in depth. This involves using several layers of security to ward off attacks that try to enter a business network. An example of defense in depth would be a system in which if a firewall is breached, but the intruder must still contend with tight access controls or encrypted data.
Traditional approaches were often reactive in nature, but new approaches, says Haas, tend to be more proactive. These include status updates conducted in real time and risk assessments that allow businesses to use their security funds more strategically.