South Africa's mid-sized companies are lagging behind enterprise-level companies when it comes to protecting themselves against internal and external security threats.
On an international comparison basis, the top-tier local businesses measure-up very well in terms of protection. One step down there is a different picture altogether.
“Unfortunately, in these companies there is much less focus on security. Often security is just rolled into the key performance indicators of general IT activities and is not a responsibility consciously shared between IT, risk management and the board of directors. Internationally, the focus on security and risk management has been driven by the enforcement of regulations, which is a phase SA is about to enter into,” says Hedley Hurwitz, MD of Magix Integration.Local companies are fairly advanced in establishing their perimeter security, but continue to underestimate the threat from their own trusted employees and third parties they interact with. Internal security still remains the biggest risk, with almost no visibility of activities and commensurate controls. An integrated IT security solution is the best investment a company can make.
“As more people face the prospect of unemployment or want access to a better lifestyle, the temptation level rises to steal information, which has a street value, and manipulate systems and data for financial gain. The insider threat grows stronger as the computer literacy of the average employee increases,” adds Hurwitz. “No matter how complex and impenetrable perimeter security solutions become, the external opportunist will always find internal people looking to make some extra money. As always, without the correct policies, procedures and solutions in place, most will have a good chance of escaping without being caught.”
Magix Integration will be showcasing a number of IT solutions designed to help companies manage their internal and external risks and threats at stand 23 at this year's ITWeb Security Summit. These include:
* Intellinx – This solution provides detection and protection against enterprise fraud, whether it stems from inside or outside of the organisation. It is perfectly suited to tackle fraud in the call centre, insurance, medical aid and financial service arenas, among others.
* Safend – Secures and protects the endpoints on a company network. It stops data theft and manipulation through its content discovery and inspection, encryption and comprehensive device and port control. Safend solutions are used around the world by small to mid-sized companies, multinational enterprises and government agencies.
* ObserveIT – Provides the ability to audit and record all user activities performed on a company's server platform. It records and indexes every window session on a network – either via remote access or console access, according to usage metadata. All recordings can be searched, navigated and replayed to identify any specific activity. Detailed reporting and real-time alerting ensures strict compliance with corporate security policies.
* IP Locks – Offers non-intrusive monitoring of the enterprise database environment. It is able to work across multiple database platforms. It has five components: vulnerability assessments, user behaviour monitoring, user privilege monitoring, metadata monitoring and content monitoring.
* Varonis – Gives companies total visibility and control over their data residing in documents and is able to ensure that only the right users have access to the right data at all times. It is suited to a whole range of companies in a variety of vertical sectors, including the financial services, healthcare, energy, manufacturing and technology arenas.
* IronKey – Provides companies and organisations with the power of authentication, encryption, identity management and privacy via specially manufactured USB flash drives. Specialised management software and associated services allows enterprises of all sizes and types to take back control of the mobile data that has been leaking out due to the uncontrolled proliferation of USB drives.
* Lieberman – On show will be Lieberman Software's Enterprise Random Password Manager, which provides privileged password security. It allows business owners to identify and document critical IT assets, delegate who can access certain accounts and enforce rules for password strength. It also has an audit and alert functionality so that the users wanting to access the system have their purpose and requested duration documented. Management are also alerted to unusual access and activity.
Our comments policy does not allow anonymous postings. Read the policy here