Security is one of the perennial concerns of IT professionals, and rightly so. The behaviour of attackers is evolving rapidly, and every organisation, from every industry, of every size, should be considered a target.
When we talk to businesses, many share the same challenges. They are working with a complex mix of security technology – just 58% of security specialists say they have the best, up-to-date tools1. They lack visibility across the environment. And they are facing a shortage of IT security specialist resources. Little wonder security tends to be seen as a constraint.
We like to view security from a different perspective. We see it as an enabler. Finding the right security solution can save a lot of IT time and money – and it can also mean the ability to welcome customers and suppliers further into your world, safely. But what does the right solution look like?
For a start, it must be simple, all elements must be integrated, and it must take into account the proliferation of mobile devices and internet of things (IoT) potentially connecting to your environment. And it must make life easy for users. That sounds like a lot – but actually, it can be more straightforward than you might anticipate.
This integrated approach is something we share with our colleagues at Cisco, whose annual Cybersecurity Report is essential reading. As you might expect from a vendor with such a broad range of products, they do place a focus on making integration easy on customers. This is good business sense for Cisco, of course, but it is also good news for customers. And where they lead, no doubt others will follow.
This year’s Cisco 2017 Cybersecurity Report is realistic. It says that stopping all attacks may not be possible – but minimising risk and limiting exposure is. Cisco advocates ‘constraining your adversaries’ operational space’ so that their ability to damage is constricted. The complex web of products from different vendors can be ‘a recipe for less, not more, protection’, and integrated products that work seamlessly together leave less room for intruders to go undetected.
Given this acceptance that attacks will happen, time to detection (TTD) is important. The difference between the integrated and the diverse security product approach becomes clearer from this metric. Cisco is obsessive about TTD, and measures it in hours. Non-vendor-specific reports measure TTD in weeks or months. That is a lot of freedom for intruders to wreak havoc.
We’re fortunate to have some extraordinary security specialists in our team, and they have strong connections with Cisco’s international experts. Their advice is to reduce complexity, integrate where possible, get regular, independent security audits – and if you cannot dedicate considerable time to always staying up-to-date, partner with someone who can.
When you’re time poor, going it alone will be an unnecessary headache – but help is at hand. The stronger security solutions will make it easier for users and guests to work from multiple endpoints safely – and will reduce calls to your helpdesk. The only ones having to work harder will be the cyber-criminals – and if you’re a harder target, they may just look elsewhere. While you’ve empowered your users, and enabled them to work productively, your competitors may still be grappling with a dozen different vendors.
For more about security that increases freedom, contact our friendly experts at Computer Merchants.
1 Cisco 2017 Cybersecurity Report, p. 49