Security back at the top of the exec agenda
In the wake of the recent Sony PlayStation hack, Amazon EC2 outage and Epsilon data theft, information security is back in the news – for all the wrong reasons.
Recent security breaches not only represent public relations nightmares for the companies involved and identity-theft concerns for their customers, they are also a reminder of the vulnerability of computer networks. And the latest security snafus have reopened an age-old debate: is security primarily a behavioural or a technology problem?
“It’s very easy to lose sight of the fact that fraudsters will always tend to gravitate towards the easiest system to crack,” says Andy Cordial, Managing Director of UK-based security specialist Origin Storage. “Put simply, this means that if you make it difficult enough for them on your own firm’s IT systems, they will go elsewhere.”
Technologies can provide a highly cost-effective solution to securing both data at rest and data that needs to be moved around, including across and even outside the office – and good security, Cordial argues, is all about deploying the optimum security for a variety of situations. With a centralised database, there may be an argument for the use of multi-level authentication technology alongside encryption, meaning that even if the encryption system is broken for whatever reason, access to the data can still be restricted. And when IT staff have to move data around on a portable basis, perhaps for backup purposes, they can use multi-level security.
“Most security professionals understand that a multi-layered approach can be the best option,” he says.
Ray Stanton, Executive Global Head of BT’s Business Continuity, Security and Governance Capability Unit, agrees with the idea of a multi-layered approach, but insists that security is about assessing risk, not just vulnerabilities, and that often an organisation’s biggest risks lie within the workforce.
“Organisations are under threat as much from their own people and processes as they are from external fraudsters, hackers and thieves,” he says. “Even simple mistakes can have damaging consequences – wiping out valuable data, for example. If your processes aren’t right, you could be failing to meet legal or regulatory requirements in a way that could prove very expensive indeed.”
For any company, but especially for large corporations with a global reach, customer and brand confidence is critical, and the key to maintaining and enhancing this confidence is to manage company risk postures effectively. To do this, says Stanton, you need to look at your business top-to-bottom and from every angle.
“You need to put the right measures in place and not just pay them lip service. This means beginning with a strategy that is aligned to the current business plan and objectives because this is an imperative to success. From this hangs your framework for building sustainable, repeatable projects that flex and grow with your business – being able to manage whatever and whenever something is thrown at it.”
Such an approach means that when something goes wrong, the organisation has the fundamental processes and constructs in place to deal with it. Stanton likens it to the philosophy of South African professional golfer Gary Player. “He liked to say, ‘Isn’t it lucky? The harder I try, the harder I train, the luckier I get’. That’s exactly the approach that we need to have to security.”
It’s an increasingly pressing issue. According to research from Quest Software, professionals are regularly compromising business information by using insecure and risky shortcuts to make their lives easier in the workplace. A survey of over 1000 office workers and 500 IT professionals in the US found that 42 percent of employees opt to keep password details written down and within easy grasp to prevent slowing their workflow, with Millennials – younger generations who have grown up in a digital world – finding it harder to remember multiple passwords compared to other generations in the workplace. Over half of professionals admit to sharing log-in details with colleagues, while 23 percent still have access to log-in details from previous employment.
It’s a topic that will no doubt be on the agenda at the NextGen Security Europe Summit 2011, which takes place from 14-16 June at The Oitavos, Cascais in Portugal. This closed-door summit, hosted by GDS International, features some of the leading voices in the US financial services technology sector, including Chris Van Den Brink, CISO at Akzo Nobel; Rainer Kessler, Group Information Security Officer for UBS; Rolf Hafner, CISO at Volkswagen; and Mark McFadyen, Global Head of Information Security at Royal Bank of Scotland.
Along with addressing workforce-related information security risks, other key topics for discussion will include dealing with the adoption of cloud and virtualisation technologies, tackling the social media explosion and how to manage – and secure – an increasingly mobile workforce.
NextGen Security Europe Summit 2011 is an exclusive C-level event reserved for 100 participants that includes expert workshops, facilitated roundtables, peer-to-peer networks and co-ordinated meetings.
For more information, visit www.ngsecurityeu.com