Story image

Three considerations for security strategies

29 May 13

With stricter regulations governing data inevitably coming into force, the impact to any organisation of a serious data breach has never been greater.

CIOs have a mammoth task in ensuring a positive outcome in an organisation’s security programme.

To meet changing compliance obligations and reduce breach risk, it is important for CIOs to align their security investments with the underlying business goals of the organisation.

Defining Security Processes

Security processes are the backbone of good security and CIOs have to clearly define them so that all employees, from the boardroom down, understand the role that they must play to keep data secure.

However, as the IT infrastructure and the way users interact with it becomes more complicated, so too can the processes.

Organisations must identify, define and validate existing processes as well as detect and create new processes.

They will then be in a position to automate processes more efficiently to execute the security strategy.

By automating security processes and removing unnecessary human intervention, errors can be reduced and resources focused in the right areas.

This enables the CIO to more easily allocate resources to focus on enabling and securing new business initiatives, such as a more cloud-centric thinking, greater mobility and so on.

For example, incident response processes built around Security and Information Event Management (SIEM) technology can more effectively incorporate anomaly detection, forensic analysis, identity context, reporting and will streamline and reduce the length of time to respond to events and mitigate their effects.

This in turn gives the CIO greater confidence that business units are operating securely even as they execute on new IT plans.

Identifying the right Technology

Vital to any underlying security strategy is the ability to provide employees with privileges based on their roles.

This helps to enforce strong controls and ensure that all internal and external activity is monitored to provide visibility into any potential misuse of privileges and external attacks.

Security solutions available to the CIO to incorporate into security strategies include end-point security, data loss prevention, malware detection, good authentication, web session intelligence, identity and access management (IAM), identity and access governance, secure provisioning and SIEM.

The level of control afforded by these solutions provides the capability to manage vast numbers of people who could be accessing resources, systems and applications at any given time and in a combination of physical, virtual or cloud environments.

SIEM solutions are designed to help quickly identify security threats to an organisation and potential breaches before significant damage is done.

With thorough analysis of network event and log data in real-time, SIEM solutions can alert the security team to any potential security risks, data breaches and insider threats.

When IAM and SIEM are deployed together, it is possible to examine the full context of a user’s activity and evaluate user roles and privileges, adding a level of valuable insight to a security environment and laying the groundwork to easily roll out new business- enabling technology – a key capability for any CIO.

Playing it safe

While it might not be possible to eliminate the possibility of data loss completely, by implementing a comprehensive security strategy incorporating SIEM solutions, the CIO will be better able to keep sensitive data secure and provide reassurance to the executive leadership that their security requirements are being met.

This, alongside clear guidelines for staff on data protection will secure an organisation from any potential data breaches that are damaging to the business.

While tools and technology are important, CIOs need to also continually invest in security education. Threats and tactics change. Trends such as ‘Bring your own device’, cloud, and mobility complicate the way information is used.

Therefore, the awareness training of users must also stay current and relevant. Otherwise, the best monitoring tools in the world won’t help prevent the damaging, and sometimes completely avoidable, breaches from continuing to occur.