What must businesses do to ensure effective enterprise-scale security management?
There are a few major security concerns on any business, most notable are how secure is my environment from being breached or hacked, how resilience are my systems to quickly recover if in the unfortunate event a breach does materialize, how do I know if my systems are fully protected and the controls in place are effective whether they are people, process or technology related.
Major concerns that are trending right now are data security and how much data stored within an enterprise is of value, critical nature and requires protection for regulatory requirements. Cloud security management and what level of effectiveness and visibility can be achieved when cloud services are adopted to list a few.
Secure remote access has been around for many years with services such as SSL VPN and published services where remote users can access internal resources in a secure manner, when combined with Multi-Factor Authentication and Device Level Authorization provides the strongest level of security. You then introduce additional challenges by enabling mobile workforces – what happens if an employee’s device whether it is a smart phone which has corporate emails or a corporate laptop which has sensitive financial results is either lost or stolen. Device encryption, mobile device management and remote wiping abilities all then come into place. Mobile workforce presents major security challenges but support agility in business; having said it is certainly possible to secure this in the right manner.
For us this is about being simple, effective and building maturity that is measurable on a cyclic basis. To have effective security management you need to run security like clockwork that is a well drilled machine, security processes that are embedded into critical business processes, sound security culture, strong technology practices, skilled resources and of course good eco-system of trusted 3rd parties that you can work. All of that is wrapped around well-defined security policies, procedures and processes. To measure effectiveness KPI’s for security must be defined and measured across the various domains, understand your level of security maturity and benchmark yourself against others to understand if you threat footprints is in line with your investment in security.
Innovations in cyber security are clearly around the use of machine learning and potentially artificial intelligence. Automation is key and this can be achieved with security related tasks, building consistent security topologies, network security architecture, pre-hardened systems when spinning up virtual machines, applications that are secured by spinning up docker apps which are already security vetted are all tasks that can be automated and we see secure-by-design through automation as a key innovation that will be realized in the coming year or so. Coupled that with advance machine learning techniques to detect hacker profiles, threat attributes and exploit attempts will overall improve both containment and detection capabilities. There are use cases for using blockchain in cybersecurity such as Anti-Spam and Threat Intelligence but they are yet to be proven for mass deployment and be advanced than current offerings.
What must businesses do to ensure effective enterprise-scale security management?
There are a few major security concerns on any business, most notable are how secure is my environment from being breached or hacked, how resilience are my systems to quickly recover if in the unfortunate event a breach does materialize, how do I know if my systems are fully protected and the controls in place are effective whether they are people, process or technology related.
Major concerns that are trending right now are data security and how much data stored within an enterprise is of value, critical nature and requires protection for regulatory requirements. Cloud security management and what level of effectiveness and visibility can be achieved when cloud services are adopted to list a few.
See also: