Approaching security differently
By Karl Fischer, DevOps Team Lead at Obsidian Systems
With worldwide cyber security spending expected to approach $42 billion by the end of this year, businesses are increasingly turning their attention to solutions that feature integrated protection. The proliferation of multi-cloud environments and shadow IT systems are further driving the need to orchestrate, manage and create security visibility without losing agility and speed.
In South Africa, June next year sees the implementation of the Protection of Personal Information Act (POPIA), which further complicates the cyber security landscape, especially how it relates to sensitive customer data. Many companies are simply following a tick-box approach to compliance, but the financial and reputational damage that a breach creates means a more focused strategy is required.
Even though cyber security has been an element of IT systems for decades, companies that still view it as a bolt-on component will never be effective at preventing attacks. The focus must now turn to working with vendors capable of testing, automating and building roadmaps and supporting tools for observability of compliance for organisations. Embracing cyber security as an element of compliance, integrating it into all aspects of business, empowers organisations to monitor whether they are meeting their fiduciary responsibilities.
The lockdown has forced companies to start thinking differently about their cyber security. Regardless of where employees are based, the systems must be in place to protect all entry points in such a digitally driven corporate environment.
With people returning to the office, the security landscape shifts to include hygienic practices as well. The risks that workers face at the office is whether their desks are clean, or a sensitive document is removed from the office printer instead of being left in the out tray for anybody to take. Furthermore, from a compliance perspective, the physical documents that have been kept for the mandatory seven years will require on-site shredding. While these activities might seem trivial, not adhering to them could result in similar financial and reputational damage as a cyber breach.
Looking to the future
With thoughts already turning to the new year, security discussions will certainly be easier to have, thanks to the digital transformation brought about by the COVID-19 pandemic. The office of the future will look significantly different to the environment earlier this year. Remote working will become part of the status quo and integrated security will be even more critical to protect employees regardless of where they access the corporate network from.
If the lockdown has shown corporates anything then it is the importance of continually reviewing their security policies. Being compliant must therefore not be considered a necessary chore. Instead, it must be viewed as a vital component of any digital transformation project. It enables the organisation to safely adopt to innovative technology opportunities while safeguarding sensitive information and data.