Data - secured environment - A priority for enterprises
Known vulnerabilities – The adoption of open-source platforms has levelled the playing field for many organisations. Enterprises today, look to integrate off-the-shelf software packages to existing platforms, reducing cost of developing tools in-house. In the process, it is easy miss the risk of existing vulnerabilities being exploited by cyber criminals. HPs Cyber Risk Report 2015 highlights that 44% of security breaches in 2014 came from 2 to 4 years old vulnerabilities. Regular software patches and skill set upgradation is important to avoid common misconfigurations and protect the business assets.
"Enterprises should look at a global provider of managed security services, which is uniquely equipped to balance between cost, performance and operational objectives with a solution tailored to business requirements"
Internet of Things – The evolution of IoT implies more devices becoming part of the communication ecosystem. With IDC predicting that 212 billion devices will be connected by 2020, the growing relationship between the IoT and cloud, can potentially multiply the number of endpoints connected to cloud computing environments exponentially, which may have severe security implications. IoT may provide excellent business opportunities, but companies should be mindful about ensuring that access is limited and secure. Sensitive data should be encrypted, access must be restricted, while role based access must be treated with utmost importance.
Best practices for a robust security environment:
1) Threats and Compliance – Organisations must take a deep-dive into what specific threats are on the rise and what concerns their business the most. Also worth looking into what new compliance rules (depending on varied nature of business) are set to kick in and accordingly evaluate the need to change the play of products & services. This assessment can help organisations chalk out the most serious potential risks
2) Applications – Managed services and cloud environments are being used to deliver applications which work in tandem with one resource calling the other. This provides flexibility but also provides access points for attacks. Organisations should build a roadmap to deploy defences at appropriate touch-points, protecting mission critical applications and improving application security posture
3) Event logs and response plan - Event logs provide ongoing and a near real-time view into what happens in the network. It is one of the most important diagnostic tools. Event logs also help measure overall health of the network and help set up a plan for multiple incidents that might occur in the IT environment. Organisations should create efficient incident response/recovery plans for smooth running of the business and regularly update their security environment
Services to adopt for a secure enterprise environment:
Here are some key services that can help create a secure environment that not only takes care of existing threats, but also targeted evolving and unknown threats:
DDoS protection – A managed service from an established service provider capable detecting a DDoS attack and removing all malicious traffic, before it reaches corporate IT systems
Data Loss Prevention – Hardware and software solutions to constantly monitor data entering or leaving an organisation’s network, and business-critical data stored across all devices. This includes automated alerts to enterprise users to take appropriate actions
Malware Protection – Protects organisations from known as well as unknown, zero-day threats. The core technology within the service uses advanced file analysis and sandboxing techniques for identifying ‘signature-less’ threats
Security Incident and Event Management – This service provides with information on overall security posture by analysing logs from enterprise networks, servers and applications. The enterprise is presented with actionable information that can be used for auditing the network and taking steps to secure the weak areas
Enterprises should look at a global provider of managed security services, which is uniquely equipped to balance between cost, performance and operational objectives with a solution tailored to business requirements. The combination of multiple deployment models provided by an established player will help deliver highly secure, flexible and cost-effective solutions.