- Category: March 2011
As this issue of Asian e-Marketing focuses on “Security in the Digital Age”, I want to highlight once again an article that Andrew Milroy, ICT Director, ANZ, at Frost & Sullivan wrote.He stated that while the IT industry may successfully generate billions of dollars each year by selling security products and services to corporations, there is still a long way to go before they can feel safe.
The fact is that most security breaches are internal, caused by employees or other authorized users (such as contractors) of corporate systems. These groups are the ones most likely to compromise the integrity of an enterprise’s system, not external hackers. All that needs to be done is to insert a thumb drive with malicious code into a USB port to undermine hugely expensive security investments. In spite of this, much more focus tends to be placed on external threats.
According to Andrew “it is reckless to allow employees and contractors to carry highly sensitive data around with little consideration of the consequences of losing the laptops and smart phones that house the data”, pointing out that this particular security threat does not receive enough attention.
Many enterprises do not put enough focus on changing the behaviour of their users by making them aware of security policies and the reasons for those policies. Few ensure adequate control of basic access to their physical premises and to end-points that form part of their network. It also seems that few enterprises track the location of sensitive data which physically moves around with their employees and contractors.
Ensuring that everybody who accesses enterprise networks is trained to follow appropriate security policies is an extremely challenging task. For this reason, it is necessary to consider other ways of mitigating the risk of an employee or contractor from compromising security.
One way of doing this is to source as much of the enterprise’s computing resources as possible on the cloud, as managing the security of heterogeneous on-premise IT environments is a highly complex and almost impossible task.
Minimizing the amount of on-premise resources that a corporation manages greatly mitigates risks associated with security breaches. Ensuring that data is stored in a secure environment (in the cloud), rather than on portable devices such as laptops and smart phones also enables corporations to reduce risk.
According to Frost & Sullivan’s ICT Director, cloud computing offers more security than what could be provided by a multi-million dollar attempt to secure on-premise resources.
“Public cloud services providers such as Google, Amazon, Microsoft and Salesforce.com focus heavily on ensuring that their data centres follow best practice security policies and are using the most up-to-date security tools. So, using public cloud services can offer more security than keeping data and other computing resources on-premise”, he assured, adding: “The cloud model of computing is much better positioned to address today’s security challenges and concerns than alternative models.”
By Daniela La Marca