Story image

Current IT security not up to the job – time to make some changes

14 Nov 2017

A new report has emerged that proposes organisations need to change how they think and view data itself as an endpoint in order to improve its security.

The independent research was carried out by IDC and sponsored by Covata and stated data is an asset that is increasing in value, created and stored in a constantly growing variety of devices.

“It is also increasing in volume, its value only realised by sharing – and only with those who are authorised to view it. And yet hackers are seemingly able to steal this data with ease from those that are unable to secure it sufficiently,” the report states.

Another point alluded to in the research is the fact billions of dollars are spent around the world every year on various forms of IT security, and yet, data breaches are still happening.

“Strategies to protect data must evolve if we are going to successfully protect this valuable resource in the future,” says vice president of Security Practice for IDC APAC and  co-author of the report, Simon Piff.

“It’s clear from the almost constant barrage of headlines announcing the latest data breach that we are not able to secure this asset with the strategies we have used in the past. Perhaps by reconsidering our approach to how we think about data, we can create improved strategies to secure this increasingly valuable asset.”

Covata’s CEO and managing director, Ted Pretty shares these sentiments.

“To greatly reduce security issues, organisations should implement solutions that follow data from its creation to its end of useful life, and ensure only authorised users and processes can access, use and amend the data,” says Pretty.

“Traditional perimeter security strategies that have focused on hardening the networks and systems supporting the data, rather than the data itself, are what needs to change. A perimeter-focused strategy is no longer sufficient, and many security technologies are simply applying that same failed approach.”

In terms of what needs to be done, the report states organisations need to reconsider their overall security strategies.

The perimeter is gradually dissolving with the implementation of technologies like cloud, mobile and IoT, which means data needs to be elevated so that each data object can itself participate in the security portfolio.

As aforementioned, the report says despite the billions of dollars spent, it’s clear that the security solutions we have in place today are simply not up to the job – hence the ongoing high-profile data breaches.

“It is time to rethink how we secure the data by considering data as an endpoint with an active role to play in the overall security strategy rather than as a passive element in transactional systems … To be successful, organisations must develop a program that focuses protection capabilities on the data itself,” the report states.

Recommended actions for organisations:

  • Consider how and where the data is created, captured, transmitted and stored, and where the vulnerabilities are greatest along this value chain
  • Identify offerings that can secure that data at its earliest point of creation and throughout its life cycle, regardless of whether this is on- or off-premises
  • Realise that not all data is of the same value, and that value may differ from an internal (your own) and external (the hacker’s) point of view, and then apply the relevant levels of protection
  • Establish a process that can constantly evaluate this value based on impact to the business, impact of legislation and impact of new threats and vulnerabilities
Salesforce continues to stumble after critical outage
“To all of our Salesforce customers, please be aware that we are experiencing a major issue with our service and apologise for the impact it is having on you."
D-Link hooks up with Alexa and Assistant with new smart camera
The new camera is designed for outdoor use within a wireless smart home network.
Slack users urged to update to prevent security vulnerability
Businesses that use popular messaging platform Slack are being urged to update their Slack for Windows to version 3.4.0 immediately.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."