Triple-A ratings are normally associated with chief financial officers keeping tabs on John Moody’s bond credit ratings. In the world of IT, however, how can a chief information officer or information technology decision maker (ITDM) rate the efficiency of an IT security implementation?
IT security is one of the main concerns for ITDMs, with attacks such as Shellshock and Heartbleed affecting organisations globally. Therefore, ITDMs are taking steps to protect the corporate network from threats of all sizes. However, as it stands, security is still at risk from both internal and external standpoints.
How can ITDMs know when they have reached a level of security that will protect against cyber-attacks while still empowering employees to do their job better? A comprehensive security approach should encompass three factors: it should be adaptive to threats, to business requirements and to the ever-evolving use of the internet within the corporate network; it should have adapted to meet the specific requirements of an organisation; and it should have been adopted fully by end users.
These factors can be summarised as a ‘Triple A’ security approach, one that could help with your overall security posture and grant your organisation a ‘Triple A’ security rating.
IT infrastructures are constantly changing. In the past we had static IT infrastructures, however, we are moving towards a world of convergence. Therefore, security infrastructures need to adapt in order to be effective. An adaptive security architecture should be preventative, detective, retrospective and predictive. In addition, a rounded security approach should be context aware.
Gartner has outlined the top six trends driving the need for adaptive, context aware security infrastructures: mobilization, externalization and collaboration, virtualization, cloud computing, consumerization and the industrialization of hackers.
The premise of the argument for adaptive, context aware security is that all security decisions should be based on information from multiple sources.
No two organisations are the same, so why should security implementations be? Security solutions need flexibility to meet the specific business requirements of an organisation. Yet despite spending more than ever to protect our systems and comply with internal and regulatory requirements, something is always falling through the cracks. There are dozens of “best-of-breed” solutions addressing narrow aspects of security. Each solution requires a single specialist to manage and leaves gaping holes between them. Patchwork solutions that combine products from multiple vendors inevitably lead to the blame game.
There are monolithic security frameworks that attempt to address every aspect of security in one single solution, but they are inflexible and extremely expensive to administer, and organisations often find that they become too costly to run. They are also completely divorced from the business objectives of the organisations they’re designed to support.
Instead, organisations should approach security based on simplicity, efficiency and connectivity, as these principles tie together the splintered aspects of IT security into one integrated solution, capable of sharing insights across the organisation.
This type of security solution ensures that the security approach has adapted to meet the specific requirements and business objectives of an organisation, rather than taking a one size fits all approach.
Another essential aspect of any security approach is ensuring that employees understand and adopt security policies. IT and security infrastructure are there to support business growth; a good example of this is how IT enables employees to be mobile, thereby increasing productivity. At the same time, however, it is vital that employees adhere to security policies and access data and business applications in the correct manner. Otherwise, mobility and other policies designed to support business growth in fact become a security risk and could actually damage the business.
All too often people think security tools hamper employee productivity and impact business processes. In the real world, if users don't like the way a system works and they perceive it as getting in the way of productivity, they will not use it and hence the business value of having the system is gone, not to mention the security protection.
By providing employees with training and guides around cyber security, security policies should become fully adopted, and the IT department should notice a drop in the number of security risks arising from employee activity.
If your overall security policy is able to tick all three A’s, then you have a very high level of security. However, the checks are not something that you can do just once. To protect against threats, it is advisable to run through this quick checklist on a regular basis to ensure that a maximum security level is achieved and maintained at all times. It is also important to ensure that any security solutions implemented allow your organisation to grow on demand; as Dell says: Better Security, Better Business.
La Perla had the challenge of managing expansive growth, demand for remote access and a minimal learning curve in their organisation. They turned to a triple Dell Security Solution, which included Dell SonicWALL NSA Series next-gen firewalls, Dell SonicWALL Secure Remote Access SRA Series and Dell SonicWALL Global Management System (GMS).
“Secure communications and a secure business infrastructure are a priority for our Group and we found that Dell SonicWALL products meet our requirements perfectly,” said Mauro Ruscelli, network security expert at La Perla.