Mobile technology continues to move forward in all aspects of business; however, security issues threaten to slow the progress. The modern enterprise is waking up to the needs that mobility solutions can address. Yet the barrier that stands in the way of embracing enterprise mobility is a massive one: security.
For most organizations today, cyber security is a top priority. The most valuable asset a company owns is the information about its business (client records, payroll information, sales data, and so on), and the list of companies that have learnt this the hard way is a long one.
Most security breaches are caused by human error and poor security discipline. For instance, in April 2011, it was discovered that the personal and confidential data of 3.5 million teachers, state workers and retirees in the state of Texas had been lying unprotected on the Internet for close to a year. Historically, chief executives and IT security professionals have not worked closely together. However, the mammoth security attacks on corporate giants like Google, Amazon, Citibank and JPMorgan have made today's CIOs sit up and take notice. In fact, it would not be untrue to say that security threats are giving sleepless nights to the leaders of today. As enterprise technology has become significantly more complex and mobile than it was five years ago, effective security requires more than a set of guidelines and tactics.
In fact, recent research indicates that a single data breach can cost companies up to $7.2 million, at an average of $214 per compromised record. This is a warning bell for CIOs to set the agenda as to how IT security should be addressed across businesses. A security breach can lead to serious financial loss, but that is just the tip of the iceberg. It is therefore of utmost importance that CIOs have a clear understanding of security loopholes and be deeply involved in developing and implementing a strategy to combat these threats.
Contrary to what might be expected, it is human error and not malicious intent that is the primary cause of critical corporate data breaches. According to Gartner, Inc., more than 99 percent of firewall breaches are caused by misconfigurations rather than firewall flaws. With big money being invested in the protection of data in large organizations, CIOs must wake up to the fact that making fundamental changes in the way security is managed and configured, especially at the network level, can go a long way in reducing the number of security breaches occurring through human error. It is critical for CIOs to identify ways to reduce network complexity and minimize the risk of human error across the security process, thus improving the effectiveness of IT security.
Cloud Security: Cloud computing is not a new term for CIOs interested in executing cyber security programs. In simple words, cloud computing allows companies to outsource their IT infrastructure to a virtual environment on either a public or a private cloud. Cloud computing therefore serves as an effective strategy to reduce technology costs and redundancies.
According to Gartner’s research report, security is the top concern for companies looking at migrating to the cloud. The “lack of confidence” in the security capabilities of the cloud service provider is the top reason why organisations hesitate to take the leap to the cloud. Visibility, monitoring, access control, etc. are among the security challenges faced by cloud providers. For instance, the disastrous web server failure of Amazon in April 2011 was a breach of service that temporarily brought down the online presence of thousands of its clients.
How will your business be affected if you are not able to access certain data on the cloud? What impact will it have on your customers? How do you make sure your data is not being incorrectly accessed? These are a few questions that CIOs must ask themselves before expanding their dependency on the cloud.
As the number of mobile and smart devices accessing critical business information is rapidly on the rise, mobile device security becomes increasingly complicated to implement. The biggest threat here is the device itself. In the wrong hands, it could be nothing short of a debacle. It is up to CIOs to prioritize the execution of a policy that strictly lays down guidelines on the usage and liability of both personal and company-owned devices and that foresees the ways and means to combat incoming threats from mobile device usage. BYOD risk is a high concern of any security manager today, as BYOD allows less control than ever over unauthorized access to enterprise data. As enterprise BYOD adoption rates continue to rise, organizations are on the lookout for a tradeoff between BYOD risks and rewards.
There is no getting around the fact that ensuring end-to-end IT security is a formidable task. It is hard to build a connected, risk-aware culture, and it is even harder to change the existing culture. But as the stakes are high, it is highly recommended to have security essentials in place. Measures such as building security into design, controlling network access through monitored access points, centralizing device settings and building an automated and unified system to manage and respond to incidents should be implemented to meet the growing cyber security challenges of the day.