Why the enterprise must ensure it has a proper security policy
In today's connected world a business must ensure that its mobile and web-based software is secure. This means that application security needs to be a core competence in any organisation's security strategy.
IT security is an ever-increasing concern for all organisations, and the concern comes not just from the often-reported outside threats of cyber criminals and computer hackers - there are a number of internal threats, not all of which are malicious, that have to be managed in order to protect the business.
With the rise of smartphones and tablets, organisations are under enormous pressure to develop their online presence, be it via website or a mobile app, in an environment where it's very much survival of the quickest, particularly in retail.
However, in the rush to meet consumer demand, web apps are often pushed out too quickly, a strategy that can leave an organisation vulnerable if there's a flaw in the code that can be exploited - and then it could be goodbye customer data and hello bad publicity.
Taking a little more time over coding can ensure that an app is truly secure, something that in the long run is best given that customers won't want to deal with an organisation known for its poor security.
Alongside mobile, the use of cloud technology has seen a rapid rise in recent years, with organisations looking to harness the power of being able to access their information from anywhere, while often simultaneously saving on data centre costs. However, one problem it has brought with it is access control, with various employees needing access to different systems, all of which require usernames and passwords.
But what if these fall into the wrong hands? If the information can be accessed from anywhere, anybody with the correct login credentials could log in and potentially make off with sensitive data. Proper user training is therefore essential to keeping data secure, with human error still the most common cause of data breaches.
It's for that reason, especially when the cloud is involved, that security intelligence is an increasing challenge. With so many different applications and locations, how do security personnel keep control of who has access to what from where?
Also, in this new world of hybrid system complexity, with so many different environments, applications and locations, how do you get effective intelligence on everything that is going on as it happens? It's therefore important that the board is made aware of this issue, in order to ensure security officers in an organisation get the tools they need.
And the board certainly needs to take a role in bolstering security, according to findings by Computing research. Of those IT professionals surveyed, under half said their board has an active role in determining data governance programmes. That's certainly a problem if an organisation is to protect itself from advanced threats, because in order for security practice to take hold throughout a whole organisation, it really needs to come from the board first.
Only then will those strategies and practices filter down and ensure maximum security through the rest of the organisation.