Moving into an information world

Alex Kayle
By Alex Kayle, Senior portals journalist
Johannesburg, 15 May 2009

The hacker community is no longer focused on stealing network time or crashing networks, they are after information.

This is according to Allen Baranov, security analyst for South African Breweries, who sits on the SABMiller International ISO Forum.

On the second day of the upcoming ITWeb Security Summit, he will discuss issues surrounding information security as well as Web 2.0, data loss prevention (DLP), de-perimeterisation, consumerisation and cloud computing.

No longer sufficient

Baranov claims the traditional model of information security, which is more focused on network security, like firewalls, and host security, including patching, is no longer sufficient.

“New technologies such as Web 2.0 and new threats such as malware that work around network protection are appearing all the time. We need to protect the information itself as well as the network, servers, and so forth,” he says.

Baranov adds: “At the moment most companies take a Web 1.0 view and have either ignored the problem of information leaking out through Web 2.0 or, alternatively, have blocked Web 2.0 sites in their entirety. Some companies have embraced Web 2.0 technology with strict policies and information-centric technologies such as DLP.”

Collaborate with business

Information security technology is by no means new and according to Baranov, it is still incomplete, expensive and not widely deployed.

ITWeb Security Summit 2009

More information about the ITWeb Security Summit 2009 conference, which takes place from 26 to 28 May 2009 at Vodaworld is available online here.

Still, he adds, it is better than nothing. “From a personnel side, information security experts are usually sourced from two groups - auditors or network security technicians. These groups traditionally consist of people who are more comfortable working with technology or working with documentation. Neither quality is truly effective for information-centric security. They need to be able to interface with business at all levels to see what information is important and where it should be moving.”

When asked why a company needs to drive awareness around information security, Baranov points out: “All companies use information to keep going and to make business decisions that can bring growth. We are entering a new era where criminals are stealing information and real financial losses are being experienced by companies that don't take information security seriously. The problem of information theft is not going to go away and companies need to know how to deal with it.”

Related stories:
Hackers target security vulnerabilities
Information warfare rages
Fighting fire with fire
Hackers go underground