SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Current IT security not up to the job – time to make some changes
Tue, 14th Nov 2017
FYI, this story is more than a year old

A new report has emerged that proposes organisations need to change how they think and view data itself as an endpoint in order to improve its security.

The independent research was carried out by IDC and sponsored by Covata and stated data is an asset that is increasing in value, created and stored in a constantly growing variety of devices.

“It is also increasing in volume, its value only realised by sharing – and only with those who are authorised to view it. And yet hackers are seemingly able to steal this data with ease from those that are unable to secure it sufficiently,” the report states.

Another point alluded to in the research is the fact billions of dollars are spent around the world every year on various forms of IT security, and yet, data breaches are still happening.

“Strategies to protect data must evolve if we are going to successfully protect this valuable resource in the future,” says vice president of Security Practice for IDC APAC and  co-author of the report, Simon Piff.

“It's clear from the almost constant barrage of headlines announcing the latest data breach that we are not able to secure this asset with the strategies we have used in the past. Perhaps by reconsidering our approach to how we think about data, we can create improved strategies to secure this increasingly valuable asset.

Covata's CEO and managing director, Ted Pretty shares these sentiments.

“To greatly reduce security issues, organisations should implement solutions that follow data from its creation to its end of useful life, and ensure only authorised users and processes can access, use and amend the data,” says Pretty.

“Traditional perimeter security strategies that have focused on hardening the networks and systems supporting the data, rather than the data itself, are what needs to change. A perimeter-focused strategy is no longer sufficient, and many security technologies are simply applying that same failed approach.

In terms of what needs to be done, the report states organisations need to reconsider their overall security strategies.

The perimeter is gradually dissolving with the implementation of technologies like cloud, mobile and IoT, which means data needs to be elevated so that each data object can itself participate in the security portfolio.

As aforementioned, the report says despite the billions of dollars spent, it's clear that the security solutions we have in place today are simply not up to the job – hence the ongoing high-profile data breaches.

“It is time to rethink how we secure the data by considering data as an endpoint with an active role to play in the overall security strategy rather than as a passive element in transactional systems … To be successful, organisations must develop a program that focuses protection capabilities on the data itself,” the report states.

Recommended actions for organisations:

  • Consider how and where the data is created, captured, transmitted and stored, and where the vulnerabilities are greatest along this value chain
  • Identify offerings that can secure that data at its earliest point of creation and throughout its life cycle, regardless of whether this is on- or off-premises
  • Realise that not all data is of the same value, and that value may differ from an internal (your own) and external (the hacker's) point of view, and then apply the relevant levels of protection
  • Establish a process that can constantly evaluate this value based on impact to the business, impact of legislation and impact of new threats and vulnerabilities