With mobility now a core business requirement, and the consumerisation of IT changing the way people think about the technologies they use, organisations need to rethink security to fit a new set of requirements like containerisation and data access from anywhere, on any device.
This is according to Brendan McAravey, country manager at Citrix SA, who notes it is no longer about providing employees an all-access pass to the network, but cohesively managing networking, virtualisation and containerisation technologies to give employees the flexibility to work from anywhere and feel confident their work and personal data are secure and separate.
"There is no going back to the days of monolithic IT, locked-down networks and deskbound employees, and there's no point in clinging to security models designed for that time - they just don't work."
The new model needs to be simple, applicable to every information access request and transactional decision, while protecting data, says McAravey.
John McLoughlin, MD of J2 Software, says security has always been device-driven and reactive - but in today's environment, businesses need to be proactive work and security needs to be focused around people.
A number of high-profile security breaches around the world have pointed to how costly and devastating this security breaches can be to a business, says McLoughlin. These organisations have spent massive amounts of money on perimeter security measures yet there are constantly reports about massive breaches, he adds.
"While perimeter security will remain vital, it is time for organisations to put more focus on internal visibility."
He points out most organisations don't know what is actually happening with their systems and information, whether it is on or off the network, and it is impossible to manage what you cannot see, he adds.
In SA most organisations know the importance of rethinking security strategies, but because there is no drive from the top, this is simply ignored, says McLoughlin.
"Because in SA businesses are not legally obliged to disclose breaches, they are swept under the carpet and organisations pretend that breaches do not happen to protect themselves from reputational damage."
Companies need to employ an attitude of "trust but verify", says McLoughlin. By reducing user constraints and making sure there is total visibility, organisations will empower their employees to react appropriately to incidents, he adds.
Also, it is important to adopt a no-blame culture - identify which users are not compliant and find out why, notes McLoughlin, adding this way, users can be assisted in understanding risks and they will respond appropriately.
Share