The human side of security and governance
Security is set to be the new battleground for enterprises, and is critical to protecting an enterprise’s ongoing operations. Security not only protects critical corporate assets, but also facilitates the adoption of new ways of working, new technologies, and internal and external interactions with employees, business partners, contractors, service providers, and customers (BYOD, cloud, mobility, B2B, B2C, and all associated relationships). This brings in the human side of security, as users are often exposed as the weakest link in the business protection chain. Users and their access credentials have become the target for attackers looking for an easy way to gain access to business systems. Employees of the organisation, business partners, and contractors with valid credentials are regularly found to be the initial source of advanced threat approaches and APT activity.
Most global markets recognise the following at-risk priority list for credential theft and insider breaches:
- privileged users (sysadmins, etc.)
- contractors and service providers
- business partners
- ordinary employees
- senior executives and C-level managers
- other IT staff
The human factor needs to be addressed on two levels – malicious insiders who set out to steal company data, and accidental misuse when an insider is duped into giving away or accidentally exposing their credentials. It extends to outsiders who have stolen valid user credentials; business partners, suppliers, and contractors with inappropriate access rights; and third-party service providers with excessive admin privileges. The common theme is that all of these groups have the opportunity, and in many cases the skills, to reach inside corporate networks and steal unprotected data.
Additional stats for mobile, cloud, and network access
The latest Ovum figures for mobile access show that 65% of organisations have a “bring your own device” (BYOD) policy in place. However, 28% of organisations do not allow BYO tablet use, and 21% do not allow BYO PC/laptop use. For user access, just over half of BYOD users (51.6%) are having their access managed within a corporate BYOD policy. A further 27% are using their smartphone devices for business use against company policy. Accessibility levels where BYOD is allowed vary significantly:
- 46% allow access to business email and calendars
- 21% allow access to corporate directories
- 21% allow access to work tools and content
- 20% offer full access.
Ovum research shows that 70% of organisations plan to increase spending on cloud-based services in the next 12 months. When extending the period to 24 months, the figure for increased cloud spend goes up to 80%. Of these organisations, most expect to use a range of network and cloud service providers.
In a recently completed Ovum survey, 75% of respondents said their top requirement from a network services provider was good-quality managed security. Just below that, at 68%, was secure connectivity and access protection to the cloud service provider. The top reason that organisations gave (43%) for terminating their contract with a network and cloud services provider was security issues; a further 25% said compliance issues; and 20% were looking to spread their risk.