Perimeter security not a panacea for data breaches
Despite the increasing number of data breaches and more than 3.9 billion data records worldwide being lost or stolen since 2013, organisations continue to believe perimeter security technologies are effective against data breaches.
This is according to a recent Gemalto report, which surveyed 1 100 decision-makers, and which notes that in the next 12 months, the majority of respondents' organisations will increase their investment in perimeter technology.
The report says 68% will increase investment in perimeter security, 63% of respondents says they will increase investment in data security and 54% will do the same for identity and access control.
Commitment to invest in these technologies, on top of past substantial investment, demonstrates that organisations are willing to spend great sums to protect their data, it adds.
However, despite increased investments in perimeter security, organisations have not made significant improvements in reducing the number of data breaches, says the report.
"This research shows that there is indeed a big divide between perception and reality when it comes to the effectiveness of perimeter security," says Jason Hart, VP and chief technology officer for data protection at Gemalto.
Many businesses, including those in South Africa, typically respond to increased data security threats by shoring up their perimeter defences, notes Hart.
The days of breach prevention are over, yet many IT organisations continue to rely on perimeter security as the foundation of their security strategies, he adds.
He believes IT professionals need to shift their mindset from breach prevention to breach acceptance, and focus more on securing the breach by protecting the data itself and the users accessing the data.
Neil Cosser, identity and data protection manager for Africa at Gemalto, says if history has taught us anything, it's that walls are eventually breached and made obsolete.
The variety of breaches are vast and are becoming more sophisticated, notes Gelmato, adding security technology will need to be robust to protect organisations from attack.
While protecting the perimeter is important, organisations need to come to the realisation that they need a layered approach to security in the event the perimeter is breached, says the study.
Employing tools such as end-to-end encryption and two-factor authentication across the network and the cloud, can protect the whole organisation and, most importantly, the data, it adds.
Martin Walshaw, senior engineer at F5 Networks, says the nature of security approaches is changing rapidly, from being perimeter-oriented with well-defined borders to protect to now being more dynamic in nature with granular requirements across the network, the devices, and the applications.
The simplistic approach of placing a security appliance in front of defined perimeter is a thing of the past, he adds.
"With a number of high-profile breaches making news headlines recently, we're starting to see many IT professionals realise that the key is to have a multi-layered security approach, providing security at the edge and at the core though encryption," says Cosser.