With data, not networks or infrastructure, as the unit of surveillance and action, an adaptable approach to data security is possible. Not another shield for every arrow, but a comprehensive fortress of information control and risk management -- a unifying framework that can best be described as Enterprise Information Protection (EIP).
EIP unifies data-leak prevention, network access control, encryption policy and enforcement, audit and forensics, and all the other wayward data protection technologies from their present state of functional silos into an extensible platform supported by policy and operational practices.
This unified, enterprise-wide, platform-centric ideal is a state change in thinking for many CIOs, yet those who manage the network and see daily the advantage the offense enjoys know all too well the deficiencies in our arsenal. This is not to cry "the sky is falling," but rather to be clear that the more advanced and persistent the threat, the more getting out in front of it is the only option other than surrender.
Geer is chief scientist emeritus at Verdasy, a provider of solutions to secure proprietary and sensitive data for Global 2000 companies. Geer is also CISO at In-Q-Tel and the author of several books on risk management and information security.
Read more about wide area network in Network World's Wide Area Network section.