Business users key to saving enterprises from cyber threats

Tallen Harmsen is head of cyber security at IndigoCube.

Companies cannot secure themselves against cyber attacks unless they share responsibilities for securing their business data and IT infrastructure among businesspeople and the IT department.

This collaborative effort can only result from potent leadership that advances the cyber security posture of the firm to overcome the riskiest elements in cyber security today.

This is a departure from tradition because IT departments were always understandably responsible for data and system security in the past, not the businesspeople who used them. That’s because it’s a traditionally complex and specialist function.

But the traditional approach also left the nuance and complexities of business processes and workflows, the conduits by which businesspeople create, manage and consume their data, in the hands of ill-equipped and sometimes woefully undertrained IT technicians. These are the differentiators by which companies compete to gain and retain customers, maximise market share and increase sales.

The ability to positively impact outcomes is precisely why Amazon Web Services (AWS) so clearly stated it adopted a shared responsibility cyber security model. AWS secures the infrastructure but customers are responsible for the assets that ride it.

It makes sense in the cloud service provider model that customers are responsible for the systems, applications, data and processes they wrap around them. They own it, they work with it, it’s their baby.

It’s also still the portion of cloud-hosted solutions that hackers most often seek out. That’s because the systems and applications themselves are often the more secure elements of any IT system. Rather, it is how people set up, maintain and use the systems that exposes them to security risks.

And that is why you really need a symbiosis of IT specialists and businesspeople to maximise system, application and data security that minimises exposure to hackers. These increasingly synergistic unions work hand in glove to create, manage and consume the data but also secure it and the underlying infrastructure. Together, these professionals lock out the bad guys and maximise accessibility, while creating an excellent platform for governance.

It’s a tried and tested approach in the Amazon world and it’s the best approach for companies to use internally as well.

It takes care of the main challenges that expose organisations to cyber security risks. It ensures systems are set up properly by the IT people, that the business users and IT people jointly maintain them and the data correctly, and that the businesspeople continue to use them responsibly, all the while providing enhanced regulatory compliance and governance.

IT specialists traditionally do not understand the context of the data they’re being asked to secure. They also often have little to no control over the processes businesspeople execute when they work with that data.

IT personnel and business users must collaborate to perform a variety of functions. Re-certifying the data at regular intervals is an important one. It ensures data owners have the required visibility into their data and into who can access it, including which systems, and it gives them the opportunity to approve or revoke administrator privileges, essentially keeping them up to date.

Approving and observing workflows also means departments and other data owners are included in the decision-making process. Regular data classification activities ensure they’re kept up to date, and file activity monitoring provides crucial information on high-risk behaviours or data users.

It’s a brighter scenario than users claiming innocence when security is breached, on the grounds that they viewed a slideshow months earlier, while somewhere in the IT department somebody must pack their bags. That doesn’t help anyone and certainly not the business and its customers.

You can reverse that traditional scenario when you create a means for IT and businesspeople to collaborate. You involve business users in re-certifying the data, the access and roles around who can manipulate the data, and get them to review the behaviours around data functions, at regular intervals, empowering them to both act and be responsible.

Tallen Harmsen
Head of cyber security at IndigoCube.

Tallen Harmsen has more than 14 years of experience as a security consultant and 21 years in the IT industry. He has been exposed in depth to the financial services, insurance, healthcare, pharmaceutical, mining, retail and logistics sectors. In his role as head of IndigoCube's Cyber Security business, he engages progressive business solutions that challenge the emerging and entrenched threat landscapes.
