Beating the risks
New technology needs a new approach.
Organisations are becoming increasingly exposed to information security risks as more enterprises embrace new web and communication strategies. By rapidly embracing mobile communications tools and technologies such as cloud computing, social networking and virtualisation, organisations are breaking down the traditional boundaries that protect their data assets.
There is an increasing emphasis on enforcing new security best practice to protect “hyper extended” enterprises. If your enterprise uses new technologies, then you need to assess the risks before adoption and deployment.
A recent survey by IDG Research Services showed that a significant number of respondents had no strategies in place to assess the risks involved in adopting Web 2.0 technologies. The survey also showed that some respondents had deployed technologies without informing corporate IT security. More than 80% of respondents said they were concerned that cost and revenue pressures had increased their exposure to security risks, and 70% claimed to have experienced heightened security issues over the past 18 months. The survey also revealed that 44% had put employee “acceptable use” policies for social networking tools and sites in place. The majority of respondents agreed that they needed to improve their approach to enterprise security.
The survey highlighted the risks associated with having security policies in place that are not aligned with today’s evolving technologies. The emergence of cloud computing has resulted in undefined security and privacy policies and compliance requirements. The survey illustrated how unsure enterprises are about ensuring data integrity and compliance on infrastructure services.
The enterprise must work on improving information security in the new business environment. While yesterday’s battles remain important, security teams need to focus on policies that embrace data shifting while protecting confidentiality, integrity and availability.
The best way to do this is to protect data, not the container. However, enterprise data is increasingly stored in places that are difficult to secure due to mobile devices and the growth of virtualisation. Security teams support around six different types of end-user devices. Thankfully they can build on work they have already done to protect against threats. They also have the advantage of knowing the architecture of their systems better than those trying to penetrate them.
In order to reduce security risks, the enterprise needs to take stock of the assets that absolutely require protection and leave out the ones that do not. This will free up resources, increase efficiency and give the enterprise more control over its secure environment. Robust policies need to be developed to govern acceptable use of technology, to ensure that staff know how to use valuable tools as securely as possible.
Procedures for monitoring and managing internal and external data must be included. User education gives a company an opportunity to train staff to securely utilise the data tools at their disposal for maximum productivity. But enterprises need to be aware that user policies are only practical when users are aware of them, understand why they are important and observe best practice. When you take a service-focused approach to security, you are more nimble in responding to your customers’ needs. You should be continually monitoring the needs of the market with a portfolio of assessments, training, access management, data protection and network security.
Security teams need to understand that, like rust, risk never sleeps, and that new technologies to proactively secure networks need to be embraced. The time is right to introduce more standards in information security. Accreditation is one solution being mooted, and a similar approach to other professions such as engineering would enable the security industry to ensure more accurate evaluation skills. Sharing information helps security people to learn from one another’s experiences. Enterprises need robust systems to review incidents and identify ongoing weaknesses.
Hyper extended enterprises need to adopt a policy that secures data in an increasingly decentralised and virtual environment. Those companies that do will reap the rewards, while those that ignore the warnings will expose themselves to increasingly sophisticated threats. A strategic approach to information security is required to help organisations deal with the constant evolution of technology. The result will be a stronger global business community that can work together against the security risks.