Maintaining Visibility: The Key To IT Security


Keeping the organisation safe from both external and internal threats is a constantly evolving task for the IT department. Typically, organisations have multi-layered security protecting their network, applications and data. However, with the proliferation of personal devices in the organisation and on the company network, IT security becomes that much more challenging.

The Consumerisation Of IT

The benefits of using personal devices – smartphones, tablets, laptops – at work are undeniable. Employees are more familiar with their own devices and as a result can be more productive. In addition, these are often more technologically advanced than those provided by the organisation and thus offer better functionality. With Gartner predicting that by 2017 more than half of organisations will require employees to use their own devices, securing these will become an ever more significant part of IT security strategies.

In the drive for greater efficiency and productivity, we will see more and more of these personal technologies being used for business purposes. As a result, these could pose additional security risks to the organisation, whether they are used to access the company network from the office or remotely. In addition, the ease with which employees can download, trial and use new software, file sharing applications and cloud-based storage also becomes a security issue.

Visibility

Visibility of the company network therefore remains an important tenet of IT security. IT staff need to know exactly what devices are on the network, who they belong to, what they are accessing and where they are accessing it from. In this way the team can identify potential weaknesses in the system and where the greatest threats are likely to come from.

Real-Time Monitoring

Ideally, monitoring of the network must be done in real time. This enables IT teams to quickly identify any internal and external threats and react accordingly. Often, though, this task is done manually, which can be time-consuming and is not fool-proof. A solution such as a SIEM (security information and event management) platform, which sits on top of existing security technologies and logs activities across the network, can help IT perform effective real-time monitoring.

Security Policy

In addition, the security team must ensure that a valid, appropriate and constantly updated policy is in place that employees are aware of and that management supports. Part of this should include regular patches, updates to all devices, the use of passwords, encryption of sensitive data and the correct disposal of outdated information and devices.

Incident Response Team

A crucial part of any security strategy is having a post-breach plan – that is, knowing exactly what to do and what policies to follow if a breach or cyber-attack does occur. Appointing a team of professionals within the IT department to deal with this is imperative, as is the development and maintenance of the plan itself.

Information security must be both multi-layered and fluid to effectively deal with the nature of the threat landscape and the rate at which cyber-attacks are developing. However, the IT department’s best tool is gaining and maintaining visibility over the entire network, which forms the basis for a comprehensive IT strategy.

Jon Inns

As Director of Product Development at Accumuli, Jon Inns has worked in the industry for almost 20 years for the likes of the Ministry of Defence and HP. As such, he is extremely knowledgeable in the area of protective monitoring systems, most notably security information and event management (SIEM). Jon is a founding member of the SIEM Alliance and is a strong proponent of the importance of including security monitoring as a fundamental and critical control in enterprise defensive policies.