Asia's Source for Enterprise Network Knowledge

Tuesday, April 25th, 2017

Security Without Compromise

Security is a technical and a human problem

Organizations today are challenged by security risks at both the technical level and the human level. At the technical level, network security has become extremely complex because networks have become more complex. To be effective, business operations have come to depend on advanced network architecture and infrastructure. Maintaining and securing this kind of infrastructure, architecture, and capability is out of reach for most small to midsized businesses and challenges even the largest enterprises.


On the human side, governance, processes, skills, and judgment must come together to ensure that the best decisions are made and operations remain secure. It is not just outside threats that are a problem. Organizations must remain vigilant against unauthorized internal activities, either malicious or simply accidental. Judgment and decision-making are critical components in maintaining security.

"Network security has become extremely complex
because networks have become more complex."

The human and technical aspects typically work together to compound the security challenge. For example, many companies prefer to use on-premises applications and systems rather than cloud-based solutions because they feel more comfortable controlling their own security than outsourcing it to the cloud provider. This perspective is understandable, but the reality is that few organizations, regardless of their size, can match the security and skills that cloud services providers can offer. Although perceptions are changing around cloud security, many IT leaders cling to the notion that their in-house security is better than what a large cloud provider can offer—this despite the greater investment and specialized skills that cloud providers bring to the problem.

Another area where human and technical considerations come into play relates to mobility. Mobile technologies are a special challenge, because through them, businesses are potentially bringing internal data to the periphery of the network and beyond to a geographically dispersed group. The data no longer reside in the physical confines of the company’s building or defined network infrastructure. Users want complete access to data on their mobile devices, which means that any one of those devices can become an entryway into the corporate network. This puts the IT department in a difficult position: users expect flexibility, and they want the IT department to be responsive to their needs. But the IT department also has to protect the data and ensure that the mobile devices accessing those data are secure if they become lost or compromised.

 

"The reality is that few organizations, regardless of their size, can match
the security and skills that cloud services providers can offer."


There is never a quick fix to a security problem, and no one knows from where the next big threat will come. To develop a secure posture, IT pros must drive security awareness throughout the entire organization. All users should use strong passwords, be careful of storing unencrypted data on laptops and mobile devices, and avoid taking large data sets from the office. From a technical standpoint, even enterprises may need expert assistance to harden their networks and track threats. Don’t wait until after a security breach to take action!