Secure business transformation
Davey Winder investigates how to best protect enterprise networks and data while embracing BYOD, cloud and virtualisation.
In a rush to embrace the latest transformational business technologies, many enterprises unwittingly leave themselves, and their data, vulnerable to attack.
With the move to cloud computing applications and services, the shadow of Big Data looming large and the all-encompassing and ever-present mobility acronym of BYOD comes an escalating set of increasingly complex cyber-attack vectors. The potential for data breaches, business disruption and reputational damage should not be underestimated during transformational times. The good news is that secure business transformation is no pipe dream. Indeed, it's very much an enterprise reality for those who have taken the time to acquaint themselves with the risks and how best to mitigate them.
We have seen the aftermath of enough IT security disasters to know that while it may seem expensive to spend money to avoid the risk of something happening, the cost of not spending that money can dwarf that spend.
Understanding the threat
As transformation projects take shape and start to be implemented it is important that enterprise security is aligned with the business. If it isn't, IT will find itself in the undesirable position of playing catch up. The concern then is that the channels via which data is uploaded and downloaded to and from the corporate network will become a serious security blind spot.
"To ensure that this doesn't happen, organisations need to look beyond the de facto technologies such as encryption and move towards managing document access and availability through application controls," says Tom Salkield, professional services director at Integralis.
It's all a matter of balance if you think about it, as cyber criminals will look to take advantage of moments of security instability that are created when new business technology trends are being introduced. "It is imperative that organisations implement balanced cyber securities to mitigate against this period of instability," warns Dr Jarno Limnell, director of cyber security at Stonesoft.
"The era of siloed security across the organisation is over. New approaches to security should incorporate proactive strategies seeking to process early signs of danger, build scenarios, enable live-testing, observe behaviour trends and be constantly updated with hackers' latest thinking, tools and methods." In other words, a holistic, 360-degree, 24/7 view over an organisation's entire system of networks, inventories, processes and events is required to enable standardisation and rapid security decision-making across the enterprise.
Striking a balance between digital risk and business reward is essential, but precisely what this consists of is entirely subjective to the organisation involved. It's also dependent on the amount of risk they are willing to take in order to accomplish a specific investment return, Dr Limnell argues. "Business leaders need to be wary of the dangers of being blinded by technological innovation, which can potentially dilute strategies and ultimately cause detriment to business enablement and security planning," he adds.