Reducing risk in the almighty game of Cyber security

Michael Duffy (R) and Martin Kioko (L) during a panel discussion at CIO100 2019

Automation and other technological advancements have transformed the way we work and also how we secure it, but with cyber attacks still regularly hitting the headlines, it’s clear that this almighty game of cat-and-mouse will run and run.

These advances mean that the role of the traditional IT worker is being flipped on its head, with security high on their checklists along with an approach that actively pinpoints areas of risk.

The overriding need now is to work across the organisation to help them deliver the outcomes they’re looking for, while reducing risk. It’s not about perfect security; it’s about setting a risk profile for the business based on appetite for risk, the type of industry the business is in and the sorts of threats it faces.

We’ve seen that – across security applications, across endpoints, across network infrastructure – there will always be vulnerability. That’s interesting, but what actions can we usefully take? What we need to think about is what is exploitable, what is realistic and how the business could be impacted. As a result, where should we invest our time and money?

This is a very different posture from how security was historically practiced in IT. Akin to a castle with big walls, defenders facing outwards, a drawbridge and a moat, security used to be predicated on a situation where whatever was on-premises was the only thing that had to be considered in the security sense. Now, half the company’s critical assets and data are scattered across various cloud providers in several different countries.

With this reality in mind, we believe that two areas of security are going to become the cornerstone of successful IT security strategies going forward. First, there’s the big area of identity: who has access, how do you manage that access, what is that access, how do you deal with changes to that access?

And then there’s the data itself. Where is that data, who should have access and what data is the most valuable? The modern company on the road to digital transformation needs to protect the things that are the most valuable and the most impactful to maintaining trust, revenues and ongoing operations.

The commonality in these two aspects is privileged access or, in other words, the special permissions humans, applications or machines need in order to manage and control critical assets. In nearly every breach, privileged access is compromised in order to assume identities and access data. It is critical to manage and protect privileged access wherever high-value identities and data reside – whether on-premises or in the cloud.
