Intelligent CIO APAC Issue 01 | Page 35

Q + A + Q + A + Q + A + Q + A + Q + A + Q + A + Q + A + DAVE SHEPHARD, VICE PRESIDENT ASIA PACIFIC AND JAPAN, BITGLASS EDITOR’S QUESTION The major cyberthreats facing Asia Pacific today largely reflect those faced elsewhere around the world. We connect to the same Internet and use many of the same applications and services. New threats stem from how we connect to those services, how we use them, and whether our existing security controls are up to the challenge of securing a workforce that is largely using cloud and working remotely. In recent months IT teams performed miracles to get almost all users working from home. Many stuck to using what they already had and knew, but it remains to be seen whether those decisions will sustain long term or whether a security strategy built around standard operation environment (SOE) devices, VPNs and corporate networks is right for a modern enterprise. I suspect it isn’t. Asked in a Bitglass survey about their BYOD security concerns, 63% of respondents “ HACKERS AND CRIMINALS WILL LOOK TO EXPLOIT HUMANS AND OUR NEW WAY OF WORKING. said data leakage, 55% said unauthorized access to data and systems and 52% said malware infections. Despite these concerns, the research shows that organizations are allowing BYOD without taking the proper steps to protect corporate data. About half of the surveyed organizations lack any visibility into file sharing apps (51%), 30% have no visibility or control over mobile enterprise messaging tools and only 9% have cloud-based anti-malware solutions in place. Cloud first is the right strategy, however. There’s now an opportunity for IT organizations to re-define their enterprise security architectures, starting with the user, not the firewall, and focusing on cloud, not the data center. Of course, there are security challenges. Bad guys Hackers and criminals will look to exploit humans and our new way of working. According to threat intelligence company Anomali, COVID19 is (unsurprisingly) a popular topic among the community of cyber-adversaries. Most cybercriminals rely on the same tools and tactics; they just have more targets to aim at. In unusual work environments our guards may be lower. People unaccustomed to working from home, or juggling the added stress of home-schooling, may be more susceptible to a well-timed email inviting them to click for news or a health update. New IT security We didn’t grow up in the cloud. We know instinctively the benefits of cloud, but perhaps not the risks or how to best mitigate them. Almost every company with a firewall will have a certified firewall admin, but how many companies using cloud have deployed a Cloud Access Security Broker (CASB), let alone have a certified CASB admin? If users are remote and their data is in the cloud, the firewall won’t save them. • www.intelligentcio.com INTELLIGENTCIO 35