Security is not an IT challenge, but a risk issue
By Richard Craig, Ubusha senior consultant.
The success of any business in the modern world is largely linked to its intellectual property (IP) and the critical and confidential information it has about customers, finances or new product lines. Therefore, it is clear that any breach of security could easily lead to serious negative consequences for the organisation, says Richard Craig, Ubusha senior consultant.
However, securing an enterprise IT environment effectively is no simple task. Organisations not only need to ensure the implementation of the relevant technologies to protect their corporate environment, they must also craft effective security policies and appoint experienced people to monitor it all. The majority of organisations are good at putting in place the technologies necessary to protect access to their business-critical information. However, without the correct processes in place governing the use of these technologies and the right people in charge monitoring the situation, there is little chance of success. You can never solve a problem of this nature merely by throwing technology at it.
Overcoming the challenges
After all, effective technology may be able to detect an unwanted intrusion, but unless policies are in place regarding the appropriate reaction to the intrusion, and the right people are available to action the policy, the best technology in the world will be of no use.
That is not to say that having leading-edge technology is not a critical step in the right direction. One of the major challenges facing enterprises today is the fact that there is such a high level of complexity in the IT security landscape. Large organisations inevitably have myriad technologies across the business, making it that much more difficult to secure these disparate offerings.
This is where the security, information and event management (SIEM) system comes to the fore.
The IT security landscape is very fluid and organisations must be flexible and proactive in dealing with threats.
SIEM not only correlates security events and situations across multiple systems, but it also puts intelligence behind it. This enables it to not only perform standard detection and prevention duties, but also to pick up on events that may only appear abnormal when correlated to events in other systems. The next level of security involves the implementation of effective policies and processes that are correctly mapped to the implemented technologies. Moreover, these policies need to be regularly revisited, as the security landscape itself is fluid and changes constantly. The reason for the continuous updating of such policies is because, at its most basic, cyber crime is committed by people who circumvent existing processes. For this reason, new ones need to be developed all the time. When doing this, it is vital to ensure you identify the business challenge you are trying to solve first. The policy can then be altered accordingly.
The right security partner
A truly effective security system should blossom from a policy perspective, with the technology serving as an enabler of these policies. However, this is easier said than done and ensuring that the technology and the policies are properly mapped together may require the assistance of a partner with strong experience in the security, risk and compliance space.
By mapping the entire enterprise security landscape from top to bottom, assessing the existing technologies and systems, and developing an understanding of the organisation's IT maturity, such a partner can identify exactly where disconnects between the two exist.
Moreover, such a partner can assist with the third crucial cornerstone of effective security: the people. Without the right people monitoring and controlling the technologies and policies and interpreting the data and acting upon it, the enterprise's security solution is doomed to failure.
And since the largest portion of security threats actually occur from internal, rather than external sources, this begs the question: "Quis custodiet ipsos custodes" - who guards the guardians?
The answer to this can be provided by the right security partner, which will solve the 'people' challenge through the implementation of an external security operations centre (SOC). Handing the monitoring of security systems and policies over to an external service provider experienced in the security field only makes sense.
After all, an enterprise never utilises in-house security guards to provide physical security for the property; it inevitably subcontracts this to an external entity. Since the organisation's very existence is dependent on keeping its IP and confidential data secure, the same principle should certainly apply to IT security.
The implementation of a comprehensive IT security system requires that access must be managed at all levels - from the operating system to the applications. Moreover, this needs to be done in a cohesive manner that encompasses people, processes and technologies, and all three aspects need to be up to scratch if such a security solution is to succeed. Having the right security partner on board from the outset can go a long way towards ensuring that success in this arena becomes a reality.