A whole new world

The past 12 months have seen the IT threat landscape evolve almost beyond recognition.

  • E-Mail
A whole new world Should users be allowed to plug personal devices into the company network?
By  ITP.net Staff Writer Published  October 10, 2011

The past 12 months have seen the IT threat landscape evolve almost beyond recognition. So how can you ensure that your IT infrastructure is safe from the rise of cyberwarfare, sophisticated cybercrime, and threats from within your own network?

The last 12 months have been turbulent for CIOs and their security counterparts. A range of new threats, combined with a number of trends, are making it increasingly harder for IT to control its ecosystem.

These changes are driving the need for IT security policies to change, largely in response to a growing realisation that treating security as a technical issue led to many of the problems enterprises faced during the previous decade.

That realisation has driven a number of changes to the way that enterprises handle their IT security. “Technically, as always, IT security measures have to be implemented to prevent, detect, and correct security related events,” says manager of Systems Engineering EEMEA at Citrix , Yannick Kunegel. “In addition, enterprises need to consider the strategic need. What is the level of security necessary to appropriately protect sensitive data? This must be well known, and articulated – both by IT, as well as the board.”

It’s a point echoed by VMware’s manager for system engineers in MENA, Deepak Narain. “Our security model today is technology-based. We built our infrastructure, and then added technology to create a hard shell around it. This worked fine when boundaries were well defined, and in general, we knew where the assets that needed to be protected were.

“However, with the shift to the cloud, this model we rely on is starting to fall apart. The concept of a shell doesn’t really work when your assets are floating within a cloud, or across multiple clouds. This means security strategies have to change as well. For example, instead of modifying existing security technology to become virtualisation-friendly, now is the time to change the model so that security is part of the cloud itself, rather than a shell around it.

“Today, if security isn’t woven into the DNA of your company, then you’re not going to achieve success by adding it later, like you can with technology,” he adds.

However, cloud computing isn’t the only IT trend placing pressure on IT departments around the world. The consumerisation of IT is another such trend. “One of the major issues in computer security today is the ability of employees to easily circumvent protections built around a corporate network with seemingly innocuous devices, such as smartphones, MP3 players, and USB keys,” explains Intego chief executive officer, Jeff Erwin. “An employee may receive emails on their iPhone or iPad, and forward them to fellow employees, who may be inside or outside of the protection their company’s network affords them.”

Importantly though, the consensus amongst most of the experts is that attempting stop this trend is not only a waste of time; it is also dangerous as it will force you to take you eye off where the ball is going. “I think the key is to think in terms of ‘follow-me security’,” argues senior regional researcher, UK, at Kaspersky’s global research and analysis team, David Emm. “That is secure staff wherever they work, and with whatever device they are working with, be it a desktop, laptop, or smartphone.”

A key part of this, Emm explains, is being able to understand that this means managing smartphones – even those devices that aren’t owned by the company – as part of the wider IT infrastructure. Crucially, he explains, it means stopping thinking of security as something that exists between the four walls of the office. “It means being able to define policy depending on someone’s location, or the device they’re using,” he says. “Security settings for the office LAN don’t need to be as stringent when I’m working from an airport lounge, for example.”

However, policies aren’t the only way to protect the integrity of company data. With around 80% of market share for tablets, iPads are the endpoints enterprises are most likely to come across. But Apple’s restrictive approach to device security – locking out everyone, including the security companies – poses problems to enterprises that need to be able to show they are following regulations.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code