Top 10 threats facing the enterprise - Part Two

While it was once considered 'good enough' to leave network access control to a simple pairing of username and password, those naive days have long since been left behind, if you talk to pretty much anyone in the enterprise security space.

So why is it that so many businesses still use this basic login approach, and even more worrying, why do so many employees use the same pairings for everything from business networks to social networks?

Isn't it time for every enterprise to move beyond the basics and re-evaluate security controls if they really want to be seen to be taking data protection seriously?

Peter Regent, director of online authentication at Gemalto, certainly thinks so. "A multi-layered approach, with two or more forms of identity verification, will ensure only authorised users gain network access," Regent told IT Pro.

"A smartcard solution encompassing certificate-based authentication and Public Key Infrastructure (PKI) certificates will enable only authorised employees to access sensitive information and will allow for a full audit trail of all access events".

Do that and your enterprise will attain a level of protection for its corporate information assets similar to what banking customers expect from chip and PIN cards when withdrawing cash from an ATM: the credential is something the user holds, not merely something they know, and every use of it is recorded.
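The certificate-based authentication and audit trail Regent describes, shown as an added example in Go that is not from the article or from Gemalto: it stands up an in-memory enterprise CA, issues one employee a client certificate, and runs a TLS gateway that completes the handshake only for certificates chaining to that CA, recording an audit event for every admitted request. The CA name, the employee identity alice@corp.example, the /payroll path and the impostor's self-signed certificate carrying the same name are all constructed fixtures; in a real deployment the CA is the enterprise PKI and the private key never leaves the smartcard.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

type AuditEvent struct{ Subject, Serial, Path string } // one admitted access, tied to the certificate that authenticated it

// must unwraps a fixture-setup result; a real issuing service would return the error instead.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issueCert mints a certificate for cn: self-signed when parent is nil, otherwise signed by the parent CA.
func issueCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth} // the usage the gateway checks for
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// newGateway starts an HTTPS front door that admits only certificates chaining to caCert and records every admitted request.
func newGateway(caCert *x509.Certificate, record func(AuditEvent)) *httptest.Server {
	pool := x509.NewCertPool()
	pool.AddCert(caCert)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		peer := r.TLS.PeerCertificates[0] // never empty here: the handshake has already verified the chain
		record(AuditEvent{peer.Subject.CommonName, peer.SerialNumber.String(), r.URL.Path})
		fmt.Fprintf(w, "welcome, %s\n", peer.Subject.CommonName)
	}))
	srv.TLS = &tls.Config{
		ClientAuth: tls.RequireAndVerifyClientCert, // tls.NoClientCert would be the password-only posture
		ClientCAs:  pool,                           // trust this CA's issuance only, not the system roots
	}
	srv.StartTLS()
	return srv
}

// connect makes one request with the given credential (nil: no certificate) and returns nil only if admitted.
func connect(srv *httptest.Server, cert *x509.Certificate, key *ecdsa.PrivateKey) error {
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	cfg := &tls.Config{RootCAs: roots}
	if cert != nil {
		cfg.Certificates = []tls.Certificate{{Certificate: [][]byte{cert.Raw}, PrivateKey: key}}
	}
	resp, err := (&http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}).Get(srv.URL + "/payroll")
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// Demo builds a constructed corporate CA, an employee credential and an impostor's self-signed certificate with the same name, then returns each client's outcome and the audit trail the gateway kept.
func Demo() (map[string]error, []AuditEvent) {
	ca, caKey := issueCert("Corp Issuing CA", true, nil, nil)
	alice, aliceKey := issueCert("alice@corp.example", false, ca, caKey)
	mallory, malloryKey := issueCert("alice@corp.example", false, nil, nil) // right name, wrong issuer
	var trail []AuditEvent
	srv := newGateway(ca, func(e AuditEvent) { trail = append(trail, e) }) // requests below run one at a time
	results := map[string]error{
		"no certificate":                 connect(srv, nil, nil),
		"self-signed certificate":        connect(srv, mallory, malloryKey),
		"CA-issued employee certificate": connect(srv, alice, aliceKey),
	}
	srv.Close() // waits for every handler to return, so trail is complete before it is read
	return results, trail
}

func main() {
	results, trail := Demo()
	fmt.Printf("%v\n%+v\n", results, trail)
}
```

Two things the example deliberately leaves out and a practitioner would add: revocation checking (CRL or OCSP) so a lost card can be cut off before its certificate expires, and the hardware binding itself, since a certificate copied out of a software key store is only "something you know" again. The self-signed impostor shows why the gateway must pin the enterprise CA in ClientCAs rather than trusting the system root store: the name on the certificate is irrelevant if the issuer is not yours.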

10. Supply Chain Insecurity

No, supply chain security didn't immediately spring to our minds either when compiling this list, but Adrian Davis, from the Information Security Forum, provided a very persuasive argument for including it.

He reminded us that the tsunami in Japan highlighted the global and interdependent nature of physical supply chains and the potential for their disruption. Less remarked, but by no means less important, is the information that binds these supply chains together. This information can range from trade or commercial secrets and intellectual property to mundane items such as quantities.

All this information, however, is critical: without it, the supplier cannot fulfil its part in the chain. "Any acquirer or purchaser needs to conduct due diligence on its suppliers before entering into a contract or relationship," Davis warned.

"That used to include finances and legal issues. Today, however, due diligence must include how well a supplier addresses the security of its own and other organisations' information. Once the acquirer and supplier start working together, this due diligence should be repeated on a regular basis - either through audit or assessment - and backed up by regular reporting and discussion".

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.