24
PRINT.IT
01732 759725
DATA SECURITY
self-protection capabilities, which
can help strengthen the protection
of sensitive data from both internal
and external threats. Advanced
self-protection security tools can
minimise the chances of human
error leading to a serious breach and
adapt to the rapidly evolving threat
landscape.”
Ross Brewer,
MD & VP
,
LogRhythm
“As cyber-attacks soar to
unprecedented levels, organisations
are starting to realise that data
breaches are now a case of ‘when,
not if’. It’s unfair to lay all the blame
on human error, as cyber criminals
are using increasingly sophisticated
tactics and becoming more and more
underhand in the techniques they
use to exploit vulnerabilities, whether
human or network-related. Not long
ago, businesses could install a few
firewalls and some anti-virus software
and feel confident that those systems
would defend them against attempted
attacks. Today, IT environments
have become far more vulnerable
as enterprise mobility, cloud, and
BYOx continue to break down the
defensible perimeter and add layers
of complexity to security strategies.
The problem is that too many
businesses still rely on these tools.
Cybercrime has come a long way over
the past decade, so it’s crucial that
security practices and solutions are
updated. What organisations need
is an intelligent analytics tool that
continually examines network data,
giving them full visibility so they can
detect and mitigate a threat before
any damage has been done.”
Jason Hart,
vice president and CTO
for data protection,
Gemalto
“Both human error and the
solutions some organisations are
implementing contribute to data
breaches. Passwords are the easiest
access point for cyber criminals,
because once access is gained to
one, the entire corporate network
is opened. Many employees choose
passwords that are easy to guess,
use the same one for several
accounts, or even write them down
where they can be found. Companies
can advise and encourage
employees to use strong passwords
and regularly update them, but this
is difficult and time-consuming.
The new reality is that conventional
data protection is outdated. A
lot of companies still base their
information security strategies
on breach prevention, including
firewalls, antivirus, content filtering
and threat detection. If we’ve learnt
anything from the past it’s that it’s no
longer sufficient to put a wall around
your data and stand watch.”
Q. In your opinion, what one thing
can do most to improve data
security?
TK Keanini:
“The first thing is to
recognise that security affects your
entire business. Your business
being unique, you must pursue a
security strategy that is also unique
and fits your business. Start with
solutions that give you visibility, and
then instrument up protection and
controls that you can monitor and
manage. Don’t be overwhelmed and
think that security is complicated. It
is simple if you treat it as a business
problem – running a business is also
very dynamic and you need visibility
of your business in order to be
successful in a competitive market.”
Simon Crosby:
“Virtualisation
technology will profoundly shift the
balance in favour of security, both
in data centre/cloud environments
and on PCs and mobile devices. For
example, through collaboration with
Bromium in micro-virtualisation,
Windows 10 is many times more
secure than previous versions.
VMWare is also leading on
containerisation and granular
micro-segmentation of data centre
networks.”
Joanna Brace:
“One solution that
combines employee mobility and
productivity with stringent security
is secure, standards-based single
sign-on technology (SSO). This
enables IT providers to deploy
secure mobile access and multi-
factor authentication for their small
business customers as a simple,
cloud-based service that extends
usability, security and compliance
across all mobile devices and
Windows and OSX laptops. This
approach helps ensure company
confidential data stays secure,
private and within their control, even
while it is shared with employee-
owned mobile devices and externally
hosted cloud services. One of the
advantages of SSO is that it is
user-centric – managing employees
first and then all of the devices and
applications they need to perform
their jobs. Each employee is assigned
a ‘user identity’ (either through Active
Directory, LDAP or built-in cloud
directory) with specific permissions
and security controls, which is then
applied to all of that user’s devices.”
Andy Heather:
“Practice data-centric
security. Protect data by encrypting
it as it comes into your systems,
and secure sensitive data at-rest,
in-use and in-motion, not just where
you store it. Remember, with cyber
criminals, it is not a matter of ‘if’
they will breach your systems, but
‘when’. Having all your sensitive data
encrypted means the hackers will get
nothing of value in a breach and will
quickly move on to an easier target.”
Graeme King:
“Educate all levels of
your business again and again on
how phishing works and its potential
impact. Provide real examples of
successful phishing attacks in the
news. Organise regular tests to
see how well staff put into practice
what they have been taught, for
example by sending fake emails
and monitoring how many delete
them and how many click on an
attachment or link. Explain to
individuals who failed the test how
they should have spotted the fake
email. Report to the company as a
whole the success rate of such tests
to highlight the growing levels of
awareness. Celebrate good practice
and encourage those who fail to
follow the lead of their peers. If the
budget permits, hire an external
security firm to advise on and
conduct such tests.”
Richard Cassidy:
“We live in an age
when data is king. We have the tools
and capabilities to track, trend and
identify data with a level of accuracy
unthinkable only a decade ago. Big
Data analysis allows us to identify
noisy and antiquated threat types
with ease and provides a platform to
find the ‘needle in a haystack’ of a
very sophisticated targeted attack.
Unfortunately, it’s not just a question
of technology; how we apply big data
analysis is also key. Data is only
effective when harvested correctly
and without understanding what you
Andy Heather,
VP EMEA,
enterprise data
security,
HP data
security
Richard Cassidy,
technical director
EMEA,
Alert Logic
Mark Noctor,
General Manager,
Europe,
Arxan
Technologies.
Continued...
...continued
