Trends in business security: The need for information security and how it ties to cloud initiatives.
As we are moving to the cloud to utilize hosted and other managed services, we have to think about information security. If you think back a little more than five years, security was essentially a firewall because we sent email back and forth – and we had to understand who was sending us what and if it was malicious. Now, with mobile devices and other technologies, the attack mechanisms have grown tenfold.
Below are excerpts, ideas and summarizations taken from an article by David Lichtman, the publisher of the Sacramento Business Journal, who sat down to interview Darren Peterson, Vice President of Commercial Sales at Consolidated Communications, the parent company of FairPoint Communications.
The latest challenges…
We are all mobile. That mobility can open access points for the bad guys. And yet, when our own users have difficulty getting into the network, that’s almost as troublesome. So the real dilemma is how do we provide access, remove the challenges, and still offer adequate network security?
When we think about security for businesses, it’s not just the “bad guys” out there in cyberland. There are questions concerning folks right at home as well. Do I have employees that are spending too much time on Facebook and is that a vulnerability? Or maybe I have employees that should be on Facebook – but they shouldn’t be making in-app purchases – and that is a threat.
Anyone in the security industry will tell you the weakest link in security is the users, because we don’t control what the guy next to us opens in their attachment or what links they click on. We, as individual users, regardless of our role in a company, have to think about what we are doing and how we can better educate users.
The key for businesses is the ability to assess your own internal resources. If you are a large organization, most often, you have more resources to take on the task of self-assessment. If you are a smaller organization, you may need to think about going outside the company because it is really hard to stay current with what’s going on in the security marketplace from both a technology standpoint and from an attack standpoint. So, the goal is really to make sure we understand who-is-who and what information or content is acceptable, and what is not.
With the right planning, you can secure your own facility well – but, just as an example, if you have an application in the cloud that’s got a direct connection back into your facility and it’s unsecure, you have a real issue. You have a vulnerability that’s easy to exploit. I would say that the biggest challenge in how you secure that is making sure that you have either an internal resource or a partner that will look at your entire strategy and your entire technology base and not just various components of it.
Today what we’re seeing in the communications industry is the next-generation firewall. Part of the benefit of this evolved firewall is that most outsourced security comes with a subscription that ensures you are constantly getting the latest updates and upgrades. Because we all know we don’t have a week or two to upgrade or patch when there’s an attack that’s causing major disruptions.
For most IT information security professionals, they know it’s not “if” … it’s “when” is the next attack going to come, and what are we going to do about it? With limited resources, you have to get a baseline assessment to understand your biggest risks and vulnerabilities, and create a plan to tighten up.
I believe you need to find people or organizations that you can trust to help – even the largest organizations have partners when it comes to security. It comes down to making sure that you’ve identified the right resources – whether those are employees, partners or, almost always, a combination of both to solve some of the current challenges. I would say the best practice is to understand what your challenges are, what your needs are, and do a real honest assessment. Many times it’s hard to do a thorough self-assessment – we all have that challenge.
There are plenty of statistics out there that say that when a company has been compromised or customer information has been compromised, there is a substantial financial impact. It’s also a big challenge when a company is off-line or not able to operate their business properly. So data security is a multi-layered task. One of the newer risks in information security is ransomware. Ransomware is where someone gains access to systems or information and demands a “ransom” from the organization with the threat of either bringing the company down or withholding information until a sum of money gets paid. It’s a more sophisticated attack that would be something that the larger organizations generally need to think about a lot more than the smaller ones, but it’s a threat that’s out there.
My advice is be an educated user of technology – at home and at work. There are some simple things like keeping your applications updated … don’t open attachments from unknown senders … don’t provide any personal information until you’re sure who is asking for it.
Almost always when companies are pushing updates to their applications, many are security-related. So keep up with your current versions of subscriptions that are security-based, whether that’s malware, a next-generation firewall or something else. I think the key is do your best, and don’t be afraid to work with partners or others that have expertise on security and make sure you are staying up-to-date.
Read the full article, IT Security: Questions and Answers.