Connecting brands with IT.
The premier provider of intelligence-driven security solutions
Identity Management is arguably one of the more complex endeavours for any organisation to undertake. The need for properly managing user access is clear; users are the main boundary for access to important business assets and processes. Failing to manage these accounts opens one to all manner of risks, including potential compromise. The phrase, “Identity is the new perimeter” is particularly apt in the face of a growing thirst for ubiquitous access to business data and applications.
Zero-days, SQL injection, memory overflows and other kinds of creative abuse in the digital domain are a huge concern for many Internet-facing organisations. Commonly, a large proportion of IT budgets are bent towards ways to protect against these threats. Organisations deploy everything from IPS, IDS, SIEM, anti-virus and vulnerability scanners to look for the proverbial needle, and in many cases it’s a core function of IT security’s mandate. Rightly so, as it is an important and timely concern, but should this be our top priority?
As Australia released its long awaited Cyber Security Strategy, Prime Minister Malcolm Turnbull said that modern encryption poses difficulties for law enforcement, a curious complaint for a nation that has legal access to troves of metadata.
In the last few years, security practitioners have become quite vocal over their belief that the perimeter is dead. You need not look very far to see the evidence of this: Breaches hit the headlines on a weekly basis, and more and more vendors are switching their tag lines from impervious defence towards faster detection and response.
The old model of security was simple: Install an anti-virus solution and your only obligations were to keep it patched and the signatures up to date. If a threat was detected on your network, remediation wasn't much more complicated than quarantining data and restoring from a backup.
A recent IDC FutureScape report examining the implications of IT security in AP claims Australia is the most spendthrift nation, even up against China, when it comes to spending on IT security. Most of this spend goes into security software, as one might expect as security appliances become virtualised and cloud services mature, yet Australia still had more than its fair share of high-profile attacks.
We've all heard the catch-phrase: "Prevention is better than cure", but it seems that some organisations have taken that advice too close to heart and forgotten how to put it into perspective.