Intelligent Tech Channels Issue 17 - Page 38

INTELLIGENT ENTERPRISE SECURITY Silver bullets of organisational security While no single silver bullet can do the trick having multiple approaches can help writes Mohammad Jamal Tabbara at Infoblox. E nterprises of all sizes are falling victim to very determined malicious actors whose motivations range from financial gain to government sponsored campaigns. The threats are not limited to commercial enterprises but have significant impact on civilian and non- civilian government agencies. The nature of what organisation must address has changed dramatically over the past decade. The threat surface has expanded significantly, the nature of the threats is evolving at an unprecedented rate and the complexity of what makes up an organisation has grown. Organisations have migrated from having a tightly controlled network with endpoints and devices provided by the company, to one where the very definition of an endpoint and device is changing. It is driven by the proliferation of the Internet of Things IoT, organisational policies to allow employees bring their 38 own devices on the network BYOD and the adoption of private and public cloud deployments. The definition of a network has changed too, it is no longer a walled garden but an amorphous structure where users can access organisational resources from anywhere, anytime, and from almost any device. To counter these factors, organisations have started implementing solutions to address security. However, this might be a disappointment to several of you, but reflects reality. There is no silver bullet; no single solution that can address all security issues. A defence in depth approach did not come about by accident but is based on the determination that while you might need a thousand solutions in your network, you need solutions that address different aspects of security. You are not alone. Your networks have changed significantly and you have multiple There is no silver bullet; no single solution that can address all security issues. solutions. That establishes a baseline. The question is what can organisations do differently to be better prepared. Here are some suggested best practices. Introspection This means understanding your capabilities and risks. Just understanding the impact of being breached in terms of cost, downtime and reputation of the brand will help you prioritise what actions to take. Issue 17 INTELLIGENT TECH CHANNELS