Story image

Time for new security resolutions

27 Feb 2015

There's no time like the present for customers to take a good look at their security says Mark Shaw, Symantec Pacific region technology strategist – security.  

With the new year in full swing, it’s a good time for organisations to cast a critical eye over their security processes, practices  and technologies. 

Channel partners have an ideal opportunity to work with organisations to identify gaps and assess how to better protect the organisation and avoid them being the victim of a headline-making data breach.

To help partners provide the best recommendations to their customers, here are a few suggestions on habits to leave behind, and new habits to adopt.

Know where your data lives It’s 8pm on Thursday… do you know where your data is? Who can access it? Take the time to understand where sensitive data resides, who has access to it and where it is flowing to help identify the best policies and procedures to protect it. 

Remember, protection should focus first on the information – rather than the device or the data centre.

Think like an attacker As attackers plot their attacks, they typically look for the path of least resistance. Look at IT infrastructure from the attacker’s vantage point. Where is the most valuable data stored and backed up? What vulnerabilities could I exploit? What is the most economical way for me to perpetrate and profit from an attack?

Compromise is inevitable. Have a strong relationship with an incident response partner or better yet, have them on a retainer so they’re ready to go to help prevent your compromise from becoming a breach. 

Also, be prepared yourself. More and more companies are taking the added step of running end-to-end incident response drills to test how well the organisation can manage an incident. Remember that an incident response process will likely span multiple business units. It is no longer the sole domain of the IT security team or even the wider information technology group.

Add more layers of protection Protecting the endpoint using only the antivirus component of an endpoint protection technology has been insufficient for years. Using the entire feature set of these technologies is a critical component of a broader arsenal of advanced protection technologies to keep information safe. You can strengthen security infrastructure with data loss prevention, network security, endpoint security, encryption, strong authentication and defensive measures, including reputation-based technologies. 

Educate employees Large-scale data breaches in recent years have continued to highlight that the weakest link in security is often human error. It’s critical employees understand what attacks look like and how to defend against them. Educate users about security threats and the damage they can cause – from password strength to phishing emails, to lost and stolen mobile devices.

Patch your environment on a regular basis Consider your patching frequency and whether this can be automated further. Also bear in mind that two-thirds of vulnerabilities identified are in third-party applications, so increase your patching scope beyond simply the OS. Software updates can include fixes to new vulnerabilities and exploited security gaps. 

Patch back end infrastructures, because it’s not just desktop software that can provide an opening, as last year’s Heartbleed vulnerability demonstrated.

Go beyond the device Tablets and smartphones have increased employee productivity and flexibility, but also introduce new and evolving vulnerabilities into the workplace. Many companies think device-level security is enough to prevent data leakage and breaches, but today’s mobile threats call for deeper protections that also safeguard apps and data. Rethink your BYOD policies to protect at the content, data and app level.  

Orange Belgium opens 1,000 sqm Antwerp data centre
It consists of more than 500 high-density 52 unit racks, installed on the equivalent of 12 tennis courts.
Time to build tech on the automobile, not the horse and cart
Nutanix’s Jeff Smith believes one of the core problems of businesses struggling to digitally ‘transform’ lies in the infrastructure they use, the data centre.
Cloud providers increasingly jumping into gaming market
Aa number of major cloud service providers are uniquely placed to capitalise on the lucrative cloud gaming market.
Intel building US’s first exascale supercomputer
Intel and the Department of Energy are building potentially the world’s first exascale supercomputer, capable of a quintillion calculations per second.
NVIDIA announces enterprise servers optimised for data science
“The rapid adoption of T4 on the world’s most popular business servers signals the start of a new era in enterprise computing."
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Storage is all the rage, and SmartNICs are the key
Mellanox’s Kevin Deierling shares the results from a new survey that identifies the key role of the network in boosting data centre performance.
Opinion: Moving applications between cloud and data centre
OpsRamp's Bhanu Singh discusses the process of moving legacy systems and applications to the cloud, as well as pitfalls to avoid.