Mind the gap
One of the biggest challenges facing organisational security is not a lack of relevant and effective technology: it is the siloed approach adopted by business leaving large gaps.
It is a well-known fact that some of the biggest security threats an enterprise inevitably faces are internal in nature. When this is coupled to the fast adoption of digital business process, related rise in cyber-crime and the increasing incidences of identity theft and breaches, it becomes clear why identity management is so important to the modern business.
The trouble is that if one looks across a typical enterprise IT environment, there are a multitude of disparate systems and enterprise applications implemented, creating a siloed effect that limits the potency of the organisation's security. When digital transformation customer-facing processes are done in isolation of enterprise-wide information security governance, this particularly can lead to big gaps leading to increased vulnerability to the organisation.
A good example of these disparate silos is how, as a product of digital transformation, Chief Digital Officers (CDOs) are starting to develop their own bespoke solutions at the front end of the business. If there is not the necessary collaboration with the Enterprise Information Security teams to that the enterprise-wide security reference designs are a key component of these solutions, this creates a gap that can open up an area of vulnerability.
In addition, since the boundaries of the CIO and CDO often overlaps, it creates a potentially large hole between IT and the business, which can be more easily exploited by those nefarious entities seeking a way through the company's security measures. It is in this heterogeneous world of vendors, customers, staff where a platform that addresses the gaps should be fundamental to every security decision. The more complex the organisation's internal and external stakeholder ecosystem is, the harder it is for the Information Security teams in the organisation to minimise this risk across the whole ecosystem, and not just the enterprise-wide ecosystem.
This gap is sometimes enlarged further by having Chief Security Officer in the organisation; also, there are sometimes employees involved in undertaking risk and compliance matters, but not necessarily also covering security issues. This only adds to the number of silos, and thus the number of people who have different agendas and outcomes, leading to a variety of different security measures and requirements.
What is needed to overcome this is an overarching platform that can provide control of all of the various security measures, policies and requirements that have already been implemented. A solution that is both robust and flexible enough to address diverse business requirements throughout the enterprise's internal and external ecosystem. A solution that runs on top of the other security offerings and integrates with these, eliminating the need to rip and replace existing security measures.
Such a solution should rely on strong authentication and verification as a way of ensuring that the user seeking access is who they say they are. Ultimately, the key to a successful security solution is to have only trusted users with proven identities engaging with business applications, systems and workflow processes. Moreover, understanding who the trusted users are will help reduce friction in business processes on how these users engage with the various business applications, while improving the security of transactions and workflows across the organization.
Security has never been more important to the enterprise than it is today, and yet it seems that the gaps created by digital transformation are widening, rather than reducing. To bridge these gaps, an overarching, strong authentication security solution has become more vital than ever.
Such an offering can help CIOs to tighten up governance across both the enterprise and its stakeholder network; it can eliminate the headaches caused by multiple silos and the legacy thinking related to these; and it can improve productivity and reduce complexity resulting in increased transactions, profitability, less friction and lower operational cost.
iCrypto is an identity centric enterprise platform that provides organisations with the tool sets to establish true identity, multifactor authentication, trust elevation and attestation across the enterprise stakeholders eco system.
iCrypto will be showcasing its products and innovative technologies at the ITWeb Security Summit, southern Africa's definitive conference and expo for information security, IT and business professionals. This year, over 70 expert speakers will deliver key insights across 7 tracks, including workshops and training courses during the expanded 5-day event. The ITWeb Security Summit will be staged at Vodacom World, Midrand, from 22 - 23 May 2018; and CTICC Cape Town on 29 May 2018. Focused and interactive workshops, as well as in-depth training courses will be run in the days around the main conference and exhibition.
For more information, go to www.securitysummit.co.za. For information on Security Summit Cape Town, go to http://v2.itweb.co.za/event/itweb/security-summit-ct-2018/.
Vasilis Polychronidis, Ph.D., M.Sc. EE.
CEO, Co-Founder - iCrypto, Inc.
ITWeb Security Summit 2018
Registration is open for the ITWeb Security Summit 2018, being held in Johannesburg on 22 and 23 May and in Cape Town on 28 and 29 May. This is the must-attend annual event for information security professionals, featuring international speakers, workshops, as well as a beginners' guide to cyber security. Click here.