Business to Copy Banks and Develop Triple-A Security Rating

Author: Florian Malecki, International Product Director, Dell Networking Security

Triple-A ratings are normally associated with Chief Financial Officers (CFOs) keeping tabs on John Moody’s bond credit rating. In the world of IT, the same idea can serve as a platform for businesses to rate the efficiency of their IT security implementation.

IT security is one of the main concerns for IT teams, with recent attacks such as Shellshock and Heartbleed affecting organisations globally. Businesses are taking steps to protect their networks from threats of all sizes. However, as it stands, security is still at risk from both an internal and an external standpoint.

How can businesses know when they have reached a level of security that will protect them from cyber-attacks, while still empowering employees to do their job better? A comprehensive security approach should encompass three factors:

  • Be Adaptive to threats, business requirements and also the ever-evolving use of the internet within the corporate network,
  • Have Adapted to meet the specific requirements of an organisation, and
  • Have been Adopted fully by end users.

These factors can be summarised as the ‘Triple A’ security approach. Achieving this strengthens the overall security posture of businesses and would grant organisations a ‘Triple A’ security rating, providing assurances to customers that their sensitive information is safe. But what do companies need to do in order to be Triple-A secure?

Be Adaptive:

IT infrastructures are constantly changing. Previously, IT infrastructures would be static; however, the world is moving towards one of convergence. Security infrastructures need to adapt in order to be effective. An adaptive security architecture should be preventative, detective, retrospective and predictive. In addition, a rounded security approach should be context-aware.

Gartner has outlined the top six trends driving the need for adaptive, context-aware security infrastructures: mobilisation, externalisation and collaboration, virtualisation, cloud computing, consumerisation and the industrialisation of hackers. But what exactly does context-aware mean? Gartner defines context aware security as “the use of supplemental information to improve security decisions at the time the decisions are made”. It predicts that by 2015, 90% of enterprise security solutions deployed will be context-aware.

The premise of the argument for adaptive, context-aware security is that all security decisions should be based on information from multiple sources. This starts by looking at the context of the request and then allowing or denying it based on the information available, e.g. the method of authentication used, the time of day, etc. By taking this adaptive approach, security can be improved.

Adapted: To Changing Environments

No two organisations are the same, so why should security implementations be? Security solutions need flexibility to meet the specific business requirements of an organisation. Despite spending more than ever to protect systems and comply with internal and regulatory requirements, something is always falling through the cracks. In fact, 73% of organisations globally have experienced a security breach in the last twelve months, according to a Dell-commissioned survey by Vanson Bourne.

There are dozens of “best-of-breed” solutions addressing narrow aspects of security. Then there are monolithic security frameworks, attempting to address every aspect of security in one single solution, which are inflexible and expensive to administer. Both of these solutions are imperfect and end up being costly to run and maintain.

Instead, organisations should approach security based on simplicity, efficiency, and connectivity. These principles tie together the splintered aspects of IT security into one integrated solution, capable of sharing insights across the organisation.

Businesses can manage the rules and policies, and end users can easily comply. This security solution ensures that the approach is adapted to meet the specific requirements and business objectives of an organisation, rather than taking a one size fits all approach.

Adopted: By Employees

Another essential aspect of any security approach is ensuring that employees understand and adopt security policies. IT and security infrastructure are there to support business growth. A great example of this is how IT enables employees to be mobile, increasing productivity. However, at the same time it is vital that employees adhere to security policies and access data and business applications in the correct manner. If not, mobility and other policies designed to support business growth become a security risk and could actually damage the business.

All too often people think security tools hamper employee productivity and impact business processes. In the real world, if users don't like the way a system works and perceive it as getting in the way of productivity, they will not use it. The business value of having the system is gone, not to mention the security protection.

Providing employees with training and guides around cyber security should lead to security policies being fully adopted. The result is a drop in the number of security risks from employee activity.

Triple A

If your overall security policy ticks all of the three A’s, then you can rest assured you have a very high level of security. However, these checks are not something that you can do just once. To protect against tomorrow’s threats, businesses need to regularly run through this checklist. This ensures a maximum security level is achieved and maintained. It is also important to ensure any security solutions implemented allow your organisation to grow on demand, without there being any impact on the existing part of the network.

By ensuring that the network is ‘Triple A’ rated, it becomes possible to ensure all areas of a corporate network are protected at all times. By working towards this framework, it becomes possible to identify gaps in the network security, helping to prevent future attacks.
