Critical Security Issues for the Modern Enterprise

Security continues to be a top concern keeping IT leaders up at night. With good reason – the impact of enterprise security breaches can include remediation costs, reputation damage and reduced customer confidence. 

What can leaders do to protect their data without sacrificing business agility? In August 2017, IBM commissioned Forrester to conduct a survey of IT and security decision makers to explore how organizations are implementing enterprise security to protect their data[1]. 

The Forrester study revealed that 46 percent of the organizational representatives surveyed encrypt little to none of their data, with only 12 percent encrypting all their data. 

It also highlighted a wide range of security issues, including a need to operationalize security to secure the new data perimeter, a focus on protecting data paired with a lower level of actual encryption, and a desire for a “zero trust” approach to security that restricts access to those who need it.

  1. Operationalizing Security

According to Forrester, operationalizing security is about “taking specific steps to identify malicious actions and respond to them in order to fix the issue.” 

One of the biggest enterprise security issues today is the explosion in data, with much of that data being located beyond the previous security perimeter. 

70 percent of people surveyed said they stored critical data in the cloud – so cloud service providers need to protect client data from other clients sharing the same cloud. 

  2. Encrypting data

85 percent of those surveyed currently encrypt their data based on a data classification scheme. Having to decide which data to encrypt exposes the remaining unencrypted data to attack. 

The simple answer is to encrypt all data – an approach called pervasive encryption. But doing this in software can impact service level agreements (SLAs) because of the performance overhead. Pervasive encryption becomes practical when it is done in hardware with special cryptographic co-processors. 

Encryption keys also need to be protected in order to properly safeguard data. Holding encryption keys in the clear speeds processing, but opens up other possible attack vectors. 

  3. Zero Trust

66 percent of those surveyed said that they subscribe to a zero trust approach to security. 

Typical approaches include implementing access control mechanisms and enforcing role-based access – and these have proved valuable in protecting systems from many threats. 

However, this still leaves system administrators with widespread access to data and applications, and they have often been the culprit (either intentionally or accidentally) in recent insider attacks. 

If any of these issues are plaguing your IT department or keeping you up at night, you have options. Depending on your specific business needs and your existing environment, you can find peace of mind through a number of available solutions, so check with your trusted technology partner to get started on a plan that can help ensure your organization’s assets are safe and you can sleep at night. #LetsGetToWork

[1] Operationalize Security To Secure Your Data Perimeter, a September 2017 commissioned study conducted by Forrester Consulting on behalf of IBM. 

Enterprise Security Tips: Consumer IoT Devices

As more devices become smart, from televisions to wearable fitness trackers, these devices also become part of the enterprise. According to the Online Trust Alliance, consumer-grade IoT devices represent a threat to enterprise security – both the network and data – when not secured properly. Below are highlights from the Online Trust Alliance report “The Enterprise IoT Security Checklist: Best Practices for Securing Consumer-Grade IoT in the Enterprise”.

  • Be proactive – take steps to understand which consumer-grade IoT devices are being used and examine their impact on enterprise security. Understanding the risk and planning is the first step.
  • Passwords – make sure none of your devices include hardcoded passwords. Apply strong passwords as you would with any other enterprise IT device.
  • Network – place IoT devices onto a separate network for better visibility, tracking and protection.
  • Manage functionality – today it seems like one device is packed to do just about everything. With consumer-grade IoT devices, leave on only the functionality that is needed every day.
  • Encryption – look for devices and processes that support encryption for an added level of security.
  • Manage lifecycle and updates – do not use devices that cannot be updated; software should be up to date. Lifecycle management applied to consumer-grade IoT devices can also be a useful tool for identifying devices that should be updated.
  • Examine physical access – the device should not be able to access the network through means such as ports or factory resets.

Finally, education is important. End users need to understand the potential risk that consumer-grade IoT devices pose to enterprise data and the network. End users should also understand the process IT uses to review and secure these devices. After all, in today’s world of complex attacks, enterprise security is more than a function of IT; it is an essential responsibility for all employees.

What steps are you taking to secure consumer-grade IoT devices in your organization?