• Home
  • News
  • Big Data & Analytics
  • DevOps
  • Security
  • GDPR
  • AI & ML
  • Women in Tech
  • Cloud & Infrastructure
  • CIO
  • Deskflix
  • Events
  • Whitepapers
  • Spotlights
  • IT Leaders 250
  • Research
  • Delta
  • Tech Marketing Hub
  • About Us
  • Newsletters
  • Sign in
  •  
      • Newsletters
      • Account details
      • Contact support
      • Sign out
     
     
    • You are currently accessing Computing via your Enterprise account.

      If you already have an account please use the link below to sign in.

      If you have any problems with your access or would like to request an individual access account please contact our customer service team.

      Phone: +44 (0) 1858 438800

      Email: customerservices@incisivemedia.com

      • Sign in
     
  • Follow us
    • Twitter
    • LinkedIn
    • Newsletters
    • Facebook
    • YouTube
  • Register
  • Events
    • Upcoming events
      event logo
      Is it time you switched to Database-as-a-Service?

      In this webinar learn how to leverage the advantages of in-VPC deployment, multi-cluster management, hybrid cloud replication, and more, all while delivering operational transparency and low TCO.

      • Date: 13 Apr 2021
      • Computing UK, London
      event logo
      How to overcome your Active Directory consolidation challenges

      In this web seminar we explore how best to go about assessing and modernising your AD as we reveal our research findings into AD health and readiness, consolidation challenges, and strategies for success.

      • Date: 20 Apr 2021
      event logo
      DeskFlix: DevOps

      Join us for this season of Deskflix: DevOps to hear from industry experts, leading partners, and your peers on all of the above. Available live or on-demand you’ll learn about best practice, the most common challenges, and gain valuable lessons on how to approach your 2021 DevOps journey.

      • Date: 21 Apr 2021
      event logo
      Desklix: Digital Workplace

      The Coronavirus pandemic has had a huge impact on our lives with most organisations making a sudden switch to mass remote working. As restrictions are progressively eased, the impact continues, with organisations having to decide when to allow staff back into offices, what proportion of remote working should be expected, and how all of this should be supported.Take part in this virtual event to put your questions to the experts, and see what your peers have learnt from the pandemic, and how they plan to apply this understanding to 2021 and beyond.

      • Date: 12 May 2021
      View all events
  • Whitepapers
    • LATEST WHITEPAPERS
      Darktrace 120x194
      Cyber AI Response: Threat Report 2019

      This white paper details 7 case studies of attacks that were intercepted and neutralised by Darktrace cyber defense AI, including a zero-day trojan in a manufacturing company's network. Learn how Darktrace Antigena AI Response modules fight back autonomously, no matter where a threat may emerge, extending to the Cloud, Email and SaaS.

      Download
      Darktrace 120x194
      Cyber AI & Darktrace Cloud

      This white paper explores how cloud is a security blind spot for many organisations who struggle with the limited visibility and control in this new environment, where their existing security tools are often not applicable.

      Download
      Find whitepapers
      Search by title or subject area
      View all whitepapers
  • Spotlights
    • Spotlights

      Welcome to Computing's Spotlight section, where we focus in on particularly important themes and topics of enterprise IT.

      Intel logo

       

      Endpoint Management and Security Hub

  • IT Leaders 250
  • Research
  • Delta
  • Tech Marketing Hub
  • About Us
Computing
Computing
  • Home
  • News
  • Big Data & Analytics
  • DevOps
  • Security
  • GDPR
  • AI & ML
  • Women in Tech
  • Cloud & Infrastructure
  • CIO
  • Deskflix
 
    • Newsletters
    • Account details
    • Contact support
    • Sign out
 
 
  • You are currently accessing Computing via your Enterprise account.

    If you already have an account please use the link below to sign in.

    If you have any problems with your access or would like to request an individual access account please contact our customer service team.

    Phone: +44 (0) 1858 438800

    Email: customerservices@incisivemedia.com

    • Sign in
 
 

Sponsor content:

What's this?

This content has been provided by our sponsors and is a paid advertisement.
  • Security

Partner Insight: Why security is a human problem first

How do you address IT leaders' dual concerns around remote working and cyber security?

Why security is a human problem first
Why security is a human problem first
  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
0 Comments

Fears about cybersecurity have risen in recent years, as stories of malign state actors, black hat hackers, organised criminals, industrial espionage and opportunistic attacks on high-profile platforms have spread. And with the media stoking fear of new technologies, it's easy to live in a state of constant paranoia and mistrust.

All of the above problems certainly exist, but to read many of these stories risks forming the impression that security is largely a technology problem, targeting technology flaws and chinks in the corporate armour. As a result, the response might be that it can be fixed with yet more technology, with little need for human oversight and intervention.

The human angle

However, the fact is that today's enterprises are only as secure as the least informed person in the organisation allows them to be.

Not because they are incompetent, lazy or unprofessional (though any individual might be), but because there has been a failure of security policy, management, communication and control - problems worsened by using preset, predictable or guessable passwords.

The organisation may also deepen its challenges by accepting more and more unsecured Internet of Things devices into the corporate network, some of which may have been rushed to market with insufficient security protocols built in.

IT leaders need to approach security first and foremost as a human problem, supported by standards-based technology. That means it needs to be tackled by drawing up a robust, forward-looking security policy that is read and understood by everyone from the chief executive to the most junior support workers who have access to core systems.

The coronavirus crisis

That challenge has itself been amplified by the COVID-19 crisis, which has forced the vast majority of employees to work from home using their own devices and networks. Both the policy and supporting infrastructure need to address those behaviours, in terms of secure authentication and access control.

This shift in employment culture and workflow is likely to have long-lasting effects - many of them permanent, as the financial, property, time and healthcare advantages of remote, agile working become increasingly attractive in an uncertain economy.

The end result is that the perimeter of the organisation now extends to every device and node that accesses, hosts or stores corporate data and applications.

Clearly, the extended, remote enterprise has now bypassed the long-established and limited concept of on-premises, perimeter-based security. As a result, organisations need a better way to gain insight into, and control over, a more dispersed and diverse network that is constantly morphing into new, user-driven shapes.

A new definition of trust

Visibility and control over that type of network means redefining trust by moving away from the concept of a trusted device, and towards the need for constant verification and authentication within the terms of an all-embracing security policy.

Arguably, there are risks in what some might see as an assumption of guilt - i.e. that every access attempt is a potential hack. But the reality is that in the new, dispersed, and more remote organisation, explicit verification based on user identity, location, device, data and application is essential in order to detect and prevent anomalous behaviour.

After all, while some anomalies may indeed indicate hostile intent, others may simply be accidental access by family members or friends, or by curious bystanders if a device has been left unattended in a cafe.

Regardless of whether an unauthorised access attempt is malicious or simply idle curiosity, the potential risk to corporate applications, data, communications and reputation is the same and needs to be minimised.

A no-trust policy

The new ‘no trust' environment should be focused on identity, device, sensitive data, applications, infrastructure, and the network itself.

Strong, multi-factor authentication is essential, as are policy-based access, automation, intelligence - including artificial intelligence (AI) - and the ability to classify and protect data.

The security policy, the supporting infrastructure and the verification regime all need to work in support of strategic business aims and day-to-day operations.

So how are IT leaders responding to these challenges? Computing Research spoke to 150 IT leaders across every key sector of the economy and asked them how significant a range of issues had been in terms of managing the IT estate.

Cybersecurity risks and breaches were their second biggest concern after remote working itself, with respondents averaging a score of 7.43 on a scale of 1 to 10 (with ‘1' meaning a marginal effect and ‘10' a very significant impact).

However, the good news is that security was also the number two driver for implementing cloud-based remote device management systems, cited by over half of respondents. Again, tackling the challenges of remote working provided the single biggest impetus for acquiring the technology - reinforcing the case for a multi-layered approach to security, starting with hardware, the use of intelligent end points with embedded AI, and robust cloud-based remote management.

  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
  • Topics
  • Security
  • Remote working
  • COVID-19
  • Intel Corp.
  • cyber-security
  • VPro Hub
blog comments powered by Disqus
Back to Top
  • Contact
  • Delta
  • Marketing solutions
  • Enterprise IT Events
  • Incisive Media
  • Terms & conditions
  • Policies
  • Careers
  • Privacy Settings
  • Twitter
  • LinkedIn
  • Newsletters
  • Facebook
  • YouTube

im_logo

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017
Loading