Cyber criminals are becoming increasingly resourceful and cunning and the sophistication of attacks threatening businesses today has reached unprecedented levels. Added to this is the growing reality of cyber espionage which threatens to divulge sensitive and sometimes confidential organisational information.
The need for security is clear, but with the ever increasing number of laws and regulations governing data protection and accurate reporting the need to prove this security has also increased, on top of shrinking budgets and a desire to decrease administrative efforts. Research and experience have proved that connected enterprises face a large number of threats which are serious, pervasive and are constantly on the increase.
A slap-dash approach to security will no longer suffice, and organisations need to adopt a holistic approach to security that covers the whole field of information security activities in a consistent and unified way if it is to meet the evolving needs of today’s world.
Step 1: Develop and enforce IT policies
The security landscape of the enterprise has changed, with increasingly complicated environments that include mobile devices as well as remote workers, geographically distributed organisations and the need to offer services to internet users that ultimately equate to a business network without physical boundaries. This means that simply deploying security products is no longer enough to protect the business.
The physical infrastructure still requires protection, because the old threats have not gone away, but any modern security policy needs to focus on protecting information. To develop such a policy it is vital to understand the nature of the threats faced as well as any regulations and legislation that may apply to a particular business. Policies should specify operational parameters and should be carefully monitored and enforced across the enterprise.
Step 2: Identify your main vulnerabilities
In order to understand where the main vulnerabilities lie, a risk assessment of operations, including IT systems, needs to be conducted. This provides a basis for identifying and prioritising areas that need to be addressed. Vulnerabilities may exist in IT spaces, but equally business and operational processes as well as people themselves can present areas of vulnerability. It is no longer possible to address external or internal vulnerabilities as separate entities; they are both equally important and must be dealt with in security policies.
Step 3: Protect the information
There is today an increasingly broad range of threats facing computers and mobile devices that have access to the internet, including malicious applications, inappropriate actions by the user, theft of the device, loss or misuse of detachable media such as USB sticks, and interception of communications between the device and servers. This means that even when information is held on servers or in a data centre is must be protected from these threats as well as from issues with backup and threats from insiders who have administrator level privileges. Data protection also needs to ensure that data is available when it is needed, and should make certain that reduplication of data occurs to minimise
storage requirements.
Step 4: Authenticate user identities
Good information security requires organisations to limit the people who are able to access sensitive data and what they are able to do with the data as well as to know who is accessing what information when and why. As an example many people may be able to read a file but it may be desirable to only permit a few to modify this or take it out of the organisation. For auditing and compliance purposes it is also often necessary to know who has accessed particular files. For this reason it is important to have a system that validates user identities for the purpose of accessing information. This need is even more prevalent in remote circumstances, in which case a secure VPN link is required to protect data from being intercepted. Data usage policies should always include reliable identification of users for maximum security.
Step 5: Manage systems
If the configuration of the system is not well understood this introduces inevitable insecurities, so good system management is vital in ensuring a secure infrastructure. Virtualisation has introduced new challenges in this space, as multiple virtual machines are created for specific and often temporary needs. These redundant machines can then cause a risk of data leakage and so need to be carefully managed.
Step 6: Protect the infrastructure
While a lot of emphasis today is placed on securing and protecting information, it is still vital to ensure adequate protection and maintenance of the physical network and infrastructure. Infrastructure still needs protection from malicious attacks and botnets, both from an internal and external perspective.
The damage that can be caused by malicious software is well understood and denial of service attacks need to be stopped before they can penetrate the network. All components of a network require protection from malware, including end-points, servers, email systems and so on. A large proportion of malware these days comes from infected websites and legitimate websites being hacked, so it is also vital to protect users while they are browsing the Web.
Since data availability is important for maintaining business activity, data backup and recovery also play important roles in protecting data. And with the increasing move towards virtualisation, infrastructure security also needs to include not only the physical platforms but also the hypervisors on which virtual machines run.
Adapting to the new security challenges facing connected enterprises today is no simple task, and requires a very specific, well thought out approach to ensure that data and users are kept as secure as possible at all times. The consequences of data leaks and compromised machines are well known, making the need for security even greater than ever before. A holistic approach to business IT security and data protection which covers each of the six aspects mentioned above is vital to ensure security, and therefore vital to business continuity in the modern world.
Expert Speak: Fred Mitchell
Fred Mitchell is Symantec Division Manager with South Africa-based Drive Control Corporation