Revisiting IT Security - A Bird's Eye View
Organizations require visibility into user performance as well as the user's security posture when interacting with corporate digital assets
Over the years, we have seen many revolutions that have left a lasting impact on productivity and overall well-being of the human race; be it the Green Revolution in the early 1900s or the Industrial Revolution in the 1800s. The overall productivity has been in a state of relative stagflation for the past few years. However, we now are on the cusp of a new technological revolution which promises to unlock the next phase of growth. The digital revolution has many facets to it ranging from the technologies that have hit early majority like cloud & SaaS to upcoming technology trends around IoT, Big Data Analytics and Artificial Intelligence.
This digital revolution will re-write the rules of engagement for organizations and their customers. Alongside the benefits of improved productivity, deeper customer engagement and growth upsides, the digital revolution has a dark side when it comes to information security. Security issues such as identity theft, espionage and IP infringement related to digital assets have the potential to destroy reputations that took decades to build.
While organizations in India take measured steps in the direction of SaaS-ification, Analytics and AI, they also need to maintain a hawkish stance on their overall security posture. It is imperative for them to ensure their traditional security guidelines that were developed over the years for their digital assets in the data centre, are effectively translated to the new reality of cloud and SaaS.
In today's expanding landscape there are 5 areas of security that organizations should focus on -
Identity and Access: This consists of managing authentication, authorization and access control for users. Organizations are concerned with the lack of control with respect to the business use of SaaS apps e.g. Office 365. They need to provide the appropriate level of access to applications and resources depending on factors like - what device is used to access, the network security in place, the security status of the device etc.
Network Security: This addresses current day realities for workers like secure remote access, limiting breaches through segmentation and ensuring services availability. Flex working is the new norm as employees require secure access to virtual applications and desktops to get work done based on their convenience. Segmentation addresses the need to control network access and limit lateral movement throughout the network.
App Security: This helps organizations build controls to enforce security around applications. Time and again breaches have demonstrated that decentralized management of applications and desktops is inefficient and inconsistent leading to more security loopholes than a security model deployed on centralized applications. Application stacks are seeing an increasing push to be mobile ready allowing employees the use of personal smartphones and tablet devices to get work done. This is where application containerization helps deliver critical corporate information on devices not managed by the organization.
Data Security: The most important part of any organization's digital identity is the data they hold and how they choose to use it. Organizations are concerned about data breaches stemming from various causes such as unintended disclosure, hacking and malware, payment card fraud, insider fraud, loss of
documents, media, and both mobile and stationary devices. IT can prevent data from residing on the endpoints by keeping it in the data centre and mitigating against data loss and leakage due to lost, stolen or destroyed endpoints. Customers implementing BYOD understand the need to separate personal and business apps on increasingly diverse endpoints without having obtrusive security that impedes user experience. Businesses' use of consumer-oriented file-sharing and sync tools presents unsurpassed data security challenges. Corporate secure file sync & share solutions seem to be the de-facto norm across organizations.
Monitoring & Response: Over the last few months, organizations across the board have witnessed an increase in the frequency as well as the intensity of attacks. Monitoring and appropriately responding to these attacks is often the difference between a successful attack and an unsuccessful one. Organizations require visibility into user performance as well as the user's security posture when interacting with corporate digital assets. Detailed logging has been effectively used to help quickly detect both security loopholes and attacks. This also helps organizations comply with regulations and reduce the scope of audits.
Disclaimer: The views expressed in the article above are those of the authors' and do not necessarily represent or reflect the views of this publishing house. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.