It may not be the most glamorous of topics, but business leaders across the globe are finally turning their attention to IT security. From CEOs of small companies to political figures like Angela Merkel and Barack Obama, the message is spreading like wildfire – IT security teams and top management need to talk.
With data loss, breaches and infrastructure vulnerabilities costing businesses money and damaging reputation, corporate bosses are coming to realise that IT security needs to be top of the agenda and – because the stakes are so high – this realisation comes not a moment too soon.
However, this conversation will not be a straightforward one. Unlike a decade ago, even IT security specialists are not in complete control of the ever-changing threats that surround our IT infrastructures. In order to gain back some control, we first need to understand the challenges that await us.
The four major challenges facing us today are:
1. IT infrastructure driven by specialist departments
2. Users behaving like system administrators
3. Data and applications in the cloud
4. Internet-enabled objects operated by strangers
Challenge 1: IT infrastructure driven by specialist departments
A business's IT infrastructure used to be the foundation upon which data and applications were set, and this determined which applications were used by specialist departments. Today things have been turned on their head. Individual lines of business are launching their own mobile services, cloud services, social networks and big data projects in order to do their jobs more effectively, without sparing a thought for the IT infrastructure the business has in place. And, most alarmingly, this is being done without any consultation with the IT department, which is trying to keep the existing infrastructure stable, reliable and efficient.
Challenge 2: Users behaving like system administrators
Users are now promoting themselves, perhaps rather ambitiously, to the role of IT administrator. Whereas between 2000 and 2010 most employees lacked any in-depth understanding of IT – and they knew it – they now feel capable of using IT in any way they please. This means they are stepping on the toes of the specialists who have a true understanding of the implications of these actions, and are unwittingly putting their companies’ IT security at risk.
Challenge 3: Data and applications in the cloud
Companies have now abandoned their bid to centralise their processes and operations, opting instead to follow the virtualisation trend. The focus on moving everything out of businesses’ IT networks and into the cloud is allowing them to make enormous savings in procurement and IT staff costs. However, just as things were never completely centralised, now things are not completely virtualised. What we have been left with is a mix of distributed data and applications, some of which are run on virtual systems, some of which are stored within the company, and others which are kept in various clouds. The result is that the security specialists are left with the monumental task of managing this convoluted web of data and applications.
Challenge 4: Internet-enabled objects operated by strangers
With the rise of the Internet of Things (IoT), almost every electronic device has Internet connectivity. But who is operating these devices? The reality is that because of IoT there are now numerous players active in our networks – players that we don’t know and cannot control. This raises the question: who can be held responsible for the security of our networks when people we have no access to are affecting them?
So, things have changed. How can we protect ourselves now?
The key to protecting IT security now resides in prevention. Securing all your network’s threat vectors, backing up and protecting all data regardless of where it’s stored, and archiving all communications regardless of where they take place – this needs to be the priority for IT specialists, top management, and those tech-savvy users.
The most important thing is to ensure that this protection is centrally managed so businesses can react to changing security threats. Companies need to have an overview of the whole security landscape. Security vendors that can provide this and protect their customers against all common threats offer the best protection against the major challenges facing IT security today.
CEOs and IT security experts need to be working together to understand not only how cyber attackers behave but, more crucially, how their targets – the cloud applications, IoT devices, and users – behave. Gone are the days when IT departments had total control over a business's infrastructure, systems, applications and data, and so now is the time for them to collaborate with the CEOs who are responsible for making the company successful and secure.