No matter what industry sector we look at today, the value of data and management of information is crucial. Businesses must assess and quantify the risks to high-value information and understand and protect the asset it resides on. The integrity of the device protecting the information can be assessed in a number of ways, such as how well it is audited, patched and secured.
Utilising just one security product that promises to protect a business ‘from all threats’ is not enough. To protect information assets, a number of areas must be assessed to understand which solutions are best positioned for protecting a business’ critical information.
IT security managers need to start at the core of their organisation and work outwards. Businesses need to assess the integrity of information assets where sensitive data resides and assure that they are fully patched and secured. Then consideration can be given to working outwards to the network, where organizations should carry out similar risk assessments. For example: Is the network the information asset resides on secure and appropriate for the information it contains?
Take, for example, the NSPCC and Bernardos. Both are child support organisations that need to protect extremely sensitive data. Organisations such as these must assess all IT risks: from the asset the information is placed on, right through to the network. Looking at one without the other will potentially compromise your organisation’s security.
System integrity is vital when controlling who can access certain information. Even if a business places sensitive data on a virtual local area network (VLAN), other networks can still access the information as they can freely route between each other unless filtered. As such, VLANs are wide open for anyone to access sensitive and valuable data.
Security technology has considerably progressed over the past few years and now integrates with user credentials, allowing controlled access to certain information. There are products available that can monitor and manage exactly who has access to specific data, instead of just certain folders. These products can secure shared drives and prevent them from containing random information. For example, if an employee accidentally drags and drops financial information from a folder they have access to into a public folder, then software can highlight this action and lock down access to that particular information.
Businesses of all sizes and across all industries must make sure that the data they store is only accessed by relevant personnel. Certain technologies can manage this process with ease by instantly migrating into a business’ infrastructure and coexisting. As a result, the business does not have to change its infrastructure. Rather, it closes the holes that allow staff to access information they do need to see or may be irrelevant to their job function.
The most important aspect of identity authentication is that it educates users to be more aware of locking down desktops and portals. When staff leave their desks, an unsecured work station can offer anyone within the organisation access to valuable and sensitive data, which opens up a range of data breach liabilities. All organisations must ensure their staff are made aware of the security risks involved in their day-to-day work and implement an ‘acceptable use policy’ that details what information they do or do not have rights to access.
Many public sector organisations must protect large quantities of sensitive data and information from system vulnerabilities. The most effective method of prioritising these vulnerabilities involves a number of key steps and risk assessments. These include: modelling and mapping networks and importing rules from multiple devices; defining threat origins; and classifying the assets based on importance to the organization. This technique identifies the vulnerabilities presenting the greatest threat to an organization and allows remediation and protection of its most important assets.
Simon Morris is the research & development director at Pentura, a leading IT security consultancy and a risk management service provider in the UK. As one of the UK’s leading research and development directors, Morris is responsible for managing Pentura’s international client base and determining each customer’s specific market needs.
Morris has over 14 years of experience within the IT market and was previously head of technical consulting, where he specialised in firewall and IDS technologies for one of the UK’s largest IT security resellers. Throughout his career he has been involved in a number of market leading technologies, such as Check Point FW-1 which he helped launch in the UK market.
As one of the founders of Pentura, Morris has been instrumental in the growth and development of the business since it began in 2002. He has worked with dozens of blue chip corporations, providing business security consulting and software implementation. Morris holds a BSc (Hons) in computer science from the University of Portsmouth.