
Securing the virtual business environment

By Lizelle Christison, IP EXPO Manager

By Lizelle Christison, Account Director
Johannesburg, 28 Oct 2011

The increased adoption of cloud computing and virtualised services within the enterprise is driving a number of trends with regard to the corporate network environment, most notably the centralisation of data, applications and services into data centres, the mobilisation of the workforce, and the consumerisation of IT.

What this means is that a growing number of employees are accessing mission-critical and company-sensitive information on the go, from a growing number of devices, including both work-issued and personal laptops, smartphones and tablets, says Lizelle Christison, IP EXPO Manager.

This gives rise to a number of security concerns, as these shifts exponentially increase the risk of exposing the network to outside threats. And this concern is not lost on business owners, as a recent survey conducted by the IP EXPO UK showed.

Nearly one-fifth of IT professionals fear their businesses may never re-open for business, or would fail shortly after a major security breach, as a direct consequence of that breach. Other findings include the fact that 70% of respondents said they believed security would be best considered collaboratively and routinely across all aspects of ICT, while 47% said they believed their own organisations needed more security-related collaboration between different ICT disciplines. Interestingly though, only 26% said mobile devices such as smartphones and laptops posed the highest risk of data loss to their businesses, while 18% said memory sticks being used for data theft posed the highest risk to their businesses.

The truth is, the biggest risk factor in this regard is user complacency, which makes the user and human error the biggest concern to security, not the technology being used. This means that implementing user best practices, strictly enforcing corporate usage policies, and having a programme of user education, are the best defences against data and information loss from the hosted environment.

This means the approach businesses need to take towards securing their information has to change, as it is no longer merely about compliance risk management. Companies now need to implement strategies that reduce the likelihood of breaches occurring, while at the same time making sure that these policies and practices preserve a level of business agility that befits today's mobile usage paradigm, and empower staff by giving them efficient access to the corporate network without compromising security.

As cloud computing and virtualisation make the data centre the focal point of the corporate network, organisations need to shift their focus on security, to ensure the integrity of information, and not just tick the boxes in terms of compliance. This entails protecting information and information systems from unauthorised access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

From a practical implementation point of view, this can be achieved by firstly having the correct systems in place that provide employees with secure access to the company's electronic vault via various mobile devices, as well as ensuring that the company has the ability to monitor the activity of its users in the cloud. This should include Remote Access Service (RAS) solutions that use the latest technology and security methodologies to provide secure access.

However, to ensure the effectiveness of RAS, companies need to find a technology solution that has the correct combination of usability and security. One of the most widely adopted and effective means to achieve this, especially considering the growing number of mobile devices that are entering the corporate network, has been through the use of browser-based VPN solutions. These solutions work with the browser's SSL functionality to provide secure access through multi-layer or multi-factor authentication, often with the use of passwords, biometric authentication and the generation of an OTP (one-time PIN). The use of these multi-layered security solutions helps to minimise the risk of someone accessing hosted information, data and services through lost or stolen mobile devices.

However, these steps only work when employees with the ability to access the network remotely follow the best practices and usage policies previously mentioned. This should include developing good policies around passwords, especially how they are created, protected and changed, as well as policies around ensuring the security of their devices. This includes elements like Internet browsing policies, as users can often visit sites that pose a threat to their devices, and in turn, a threat to the corporate network.

This basically means everybody within the organisation needs to be actively engaged in dealing with and ensuring enterprise security, with companies carefully balancing the need for security against the need for accessibility. Employees also need to understand and respect the purpose of cloud security and follow the required procedures to ensure they never compromise the hosted corporate network.


Editorial contacts

Simone Lipshitz
Headlines
Simone@headlinespr.co.za