Internet based technology and cloud is now central in everything we do, shaping growth, disrupting industry landscapes and providing the catalyst for transformation. Digital Transformation can be considered as the next industrial revolution. We now have a digital landscape where there are no defined borders and data is the new commodity to be bought, sold or stolen. The Internet is there to connect, not protect so it is inevitable that, as data is now king, securing it is a huge challenge.
Before the cloud, we could rest assured that our data was protected sitting in a data centre behind our firewall. Our security challenges were simple – how do I secure my network and prevent intrusions. We secured internal user access to resources locally, and we had a known security perimeter.
Today, with the internet and the cloud, the user can choose applications at random, store data anywhere, applications are increasingly external, and IT departments have limited visibility to provide protection.
So how do we enable the benefits of cloud while still being assured that our data is protected in a world where even organisations with enormous security budgets and elite security analysts are struggling to address modern threats?
To start, you need to change your perspective and work from the assumption that your security will be compromised. Plan for the eventuality by adopting an approach that focuses on protection, detection and response. Adopt a security posture that is:
- Comprehensive in terms of understanding your environment and weaknesses;
- Well-informed in terms of what the modern security challenges are;
- Prescriptive in terms of what steps to take to protect your environment and respond to security events.
To begin to develop your security posture, it will help if you separate your environment into:
- The devices you use, how and where they are used, from data centre to end user;
- The applications you use, where there are located and how they are accessed;
- The data that is updated and manipulated by applications:
- The users who access the data, through the applications, that is stored on the devices.
Then develop your plans and strategies for each layer. Make sure you address your specific needs keeping in mind any internal, regulatory or legal requirements that affect your business directly. And remember, when developing your plans always keeping in mind, what do you do if you are compromised.
Author: Jason Boyle, Operations Director, Aspira