2015 was another year blighted by security breaches, with some high-profile victims of cyber-crime and millions of customer records lost across the world.
Although it is the big breaches that make the headlines, 60% of all data breaches are experienced by SMEs. When it comes to data theft, being a smaller target is not a deterrent. The inherent value of critical business data is not linked to the size of the organisation.
As we become increasingly connected, security becomes more of a challenge. Mobility, compliance obligations and the ever-changing threat landscape add to the complexity of cyber security. As new threats emerge, new patches or point solutions are implemented to plug the gap in the defences.
The problem with this approach to network security is that it results in a fragmented, inefficient infrastructure. This in turn leads to increases in complexity, costs and management overhead. The resulting “security sprawl” has knock-on effects on the user experience and slows the pace of future innovation.
Effectively, we have the enterprise network equivalent of not seeing the wood for the trees. Adopting a short-sighted approach to fixing the problems at hand is not sustainable in the long term. Organisations need to step back and review what needs protecting and the best way to go about it.
The problem is, where do you start? The enterprise network is a multi-faceted, borderless thing; comprising network components, corporate and user-owned devices, back-up and storage facilities etc. Hardware aside, you also have a range of users with potential access to your systems – employees, customers, suppliers – all of which need to be identified, profiled and authenticated.
Last, but by no means least, is the business data that traverses the network and is accessed by your users. According to the 2015 Verizon Data Breach Investigation Report, a committed hacker can compromise most organisations’ data in a matter of minutes; so data security is paramount.
The high-profile breaches of the past five years have shown that the impact of data loss is not simply an IT issue. It has wide-ranging implications for the business; including loss of intellectual property, breach of compliance obligations, financial penalties and significant damage to your brand and reputation.
Given what is at stake, security needs to be taken seriously. Let’s take a quick look at some of the components of a holistic approach to security.
Network Security Considerations
Unified Threat Management (UTM) involves the consolidation of security components within your network. Fewer components means a reduction in complexity, cost and management time. UTM devices feature built-in resilience, making them suitable for business-critical applications.
Server consolidation operates on a similar principal. Reducing the number of servers makes management and security easier; reduces the footprint (both physical and carbon) of your IT and lowers the cost of provisioning computing power.
Virtualising your IT security infrastructure can also help reduce total cost of ownership. Virtual firewalls, intrusion detection and anti-virus will reduce license, hardware and maintenance costs further.
Unifying your desktop will help offset the complexity of multiple vendors and agents. A single, unified client for all end-points would standardise personal firewalls, VPN, anti-virus and intrusion detection; simplifying the process of licensing, provisioning and management.
Take a good look at your firewall. Over time your firewall estate can become needlessly complex with unnecessary or redundant components adding to complexity and impacting on performance.
Cloud security solutions are becoming increasingly popular. Security-as-a-Service delivers core processes such as email security, anti-spam, anti-malware, DDOS protection, monitoring and threat management from within the Cloud. Eliminating threats and unsolicited mail in the Cloud, before it reaches your premises, has obvious benefits in terms of systems security and performance.
Why not make one of your New Year resolutions a network security one? A security audit will improve visibility and understanding of your IT security, help you identify areas of weakness, realise cost and performance benefits and help define a more strategic approach to security.