Intelligent CIO Middle East Issue 32 | Page 50

organisational resources from anywhere, anytime and from almost any device.

To counter these factors, organisations have started implementing solutions to address security. However – this might be a disappointment to several of you but reflects reality – there is no silver bullet. There is no single solution that can address all security issues. A ‘defence in depth’ approach did not come about by accident but is based on the determination that while you might need a thousand solutions in your network, you need solutions that address different aspects of security.

You are not alone. Your networks have changed significantly and you have multiple solutions. That establishes a baseline. The question is what organisations can do differently to be better prepared. Here are some suggested best practices.

Introspection
This means understanding your capabilities and risks. Just understanding the impact of being breached in terms of cost, downtime and brand reputation will help you prioritise what actions to take.

Get visibility
Develop a clear picture of the key assets you have, where they are located and who has access to them, and identify the most critical assets. In the digital age, data is king, so knowing which devices have access to your data is key. Note that data is not just the domain of the large enterprise but a reality for every size and type of organisation. This assessment will lead you to the determination of what makes up your organisation.

Examine your architecture
The proliferation of IoT, adoption of BYOD, growth in use of virtualised environments and adoption of public and private cloud infrastructures all require that you step back and examine how you architected your core network. Focus on the outcomes you desire while you examine the architecture: is your network architected to maximise availability and ensure continuity even if it is under attack?
Have you secured your data paths to make sure you are protecting every known avenue that can be used to steal that data? Does your protection extend to the physical and virtual elements in your network?

Do a process inventory
Technology is a key element in addressing security challenges, but technology is only part of the solution. People and processes play an equally important role in maintaining a robust security posture. Developing an understanding of how sensitive information is handled, who has access to sensitive information, your internal policies on how you treat sensitive data, policy enforcement mechanisms and ongoing training of personnel handling sensitive data must be part of the overall solution.

Start by addressing the basics
Often organisations invest in the latest and greatest technology and buzzword-driven solutions. Sometimes there is a perceived correlation between ‘high end solution’ and impact. But there is a difference between perception and reality. Organisations must start with the basics.

Institute best practices
As I said above, people and processes are a critical component of addressing your security posture. Make sure you have instituted best practices around passwords, patching your systems with the latest updates and keeping up to date with your hardware and software.

Address the core of your network
Organisations that have adopted a defence in depth approach have done so for several critical applications like e-mail, web traffic and endpoints. Often, they ignore the core