Secure business transformation
Davey Winder investigates how to best protect enterprise networks and data while embracing BYOD, cloud and virtualisation.
In a rush to embrace the latest transformational business technologies, many enterprises unwittingly leave themselves, and their data, vulnerable to attack.
With the move to cloud computing applications and services, the shadow of Big Data looming large and the all-encompassing and ever-present mobility acronym of BYOD comes an escalating set of increasingly complex cyber-attack vectors. The potential for data breaches, business disruption and reputational damage should not be underestimated during transformational times. The good news is that secure business transformation is no pipe dream. Indeed, it's very much an enterprise reality for those who have taken the time to acquaint themselves with the risks and how best to mitigate them.
Understanding the threat
As transformation projects take shape and start to be implemented it is important that enterprise security is aligned with the business. If it isn't, IT will find itself in the undesirable position of playing catch up. The concern then is that the channels via which data is uploaded and downloaded to and from the corporate network will become a serious security blind spot.
"To ensure that this doesn't happen, organisations need to look beyond the de facto technologies such as encryption and move towards managing document access and availability through application controls," says Tom Salkield, professional services director at Integralis.
It's all a matter of balance if you think about it, as cyber criminals will look to take advantage of moments of security instability that are created when new business technology trends are being introduced. "It is imperative that organisations implement balanced cyber securities to mitigate against this period of instability," warns Dr.Jarno Limnell, director of cyber security at Stonesoft.
"The era of siloed security across the organisation is over. New approaches to security should incorporate pro active strategies seeking to process early signs of danger, build scenarios, enable live-testing, observe behaviour trends and be constantly updated with hackers' latest thinking, tools and methods." In other words, a holistic, 360 degree , 24/7 view over an organisation's entire system of networks, inventories, processes and events is required to enable standardisation and rapid security decision-making across the enterprise.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Striking a balance between digital risk and business reward is essential, but precisely what this consists of is entirely subjective to the organisation involved. It's also dependent on the amount of risk they are willing to take in order to accomplish a specific investment return Dr Limnell argues. "Business leaders need to be wary of the dangers of being blinded by technological innovation, which can potentially dilute strategies and ultimately cause detriment to business enablement and security planning," he adds.
Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.
Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.
You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.