
Perimeter security 'no longer reliable'

Johannesburg, 22 Jun 2005

Threats to IT have gradually increased as the international culture has spread and evolved, leading to a blurring of private perimeters, says Belgium-based Microsoft security expert Detlef Eckert.

"As mobile data access has increased, virtual private networks have 'softened', and an increasing number of unmonitored computers have been connected to the Internet, traditional perimeter security has become less reliable as a means of defence," says Eckert.

Delivering the keynote address of the two-day Information Security World Africa event, being hosted concurrently with Business Continuity World and Storage World by Terrapinn at the Sandton Convention Centre, Eckert emphasised that current conditions demanded a new approach to security.

"User education, physical security and perimeter security are still important, but the focus needs to shift to placing greater security at the data level because perimeter security is unreliable," Eckert advised.

"This involves protecting specific data assets by introducing and enforcing greater access control through data rights management and using encryption techniques," he explained. However, he cautioned that there would always be a trade-off between security, usability and cost.

"Although new technologies and applications are making the choice easier, it is impossible to satisfy all three demands equally; organisations will always have to choose the two most important to them," said Eckert.

Other solutions recommended by Eckert included the introduction of network isolation capabilities, internal network segregation and application-aware firewalls. "It is no longer sufficient to firewall ports and protocols," he warned. "Application payloads need to be examined and unmanaged computers need to be separated from networks."

Eckert also emphasised the need to formulate and enforce policies consistently throughout organisations, a theme that was echoed by keynote speakers in the business continuity and storage conferences.

"The problem has been that most operating systems were designed before the Internet became so pervasive or default protocols were established, so security measures were an afterthought," said Eckert.

Despite the current security challenges, Eckert said the solution ultimately lay in security by design, but this would not be achieved by any single application or software company. It required an industry partnership that would have to overcome the element of competition as well as involve anti-virus software makers, independent software vendors and public policy makers.
