Identity management presents new risks
The advent of cloud computing and mobility has led to identity being considered the new perimeter, which is already having a profound impact on how enterprises are secured against both internal and external risks.
This is according to Eren Ramdhani, solutions strategist: security at CA Southern Africa.
"As an example, moving systems from physical servers into the cloud could potentially create a situation where there is a single administrator controlling virtual machines for six or seven different systems. This results in a single point of failure, which promotes a high level of access to a considerable amount of data. This creates a situation where a disgruntled employee - for example - could do a considerable amount of damage, which negates the benefits of adopting cloud computing," says Ramdhani.
While the move towards bring your own device (BYOD) can prove convenient and cost-effective for companies, it also raises their risk profiles, he adds. With employees carrying increasing amounts of company information on their own devices, IT departments are facing new challenges in how to manage and control access to this information, he says.
Inefficient internal processes around privileged user management, data loss prevention, and identity and access management can also potentially lead to serious security breaches, says Ramdhani.
"Inefficiencies here not only expose the company to risk - from both internal and external sources - they can also prove costly. A simple example here is when organisations are carrying extra licence fees for people who no longer work for the company, simply because of a lack of communication between line managers and the IT department around employee resignations."
The need to address current security challenges on an ongoing basis, both at a strategic and an operational level, will be addressed during the security track at CA Southern Africa's management symposium early next year. Topics to be covered include a strategic security guide for CIOs, virtualisation security, and balancing the move towards mobile devices with risk mitigation.
Click here to find out more about this event.