What Is Zero Trust and Why Is It Critical for Your Cyber Security?

June 18, 2019 | Cyber Security

Digital enterprise security has transformed over the past few years.

With BYOD (bring-your-own-device) on the rise, increased cloud access, and more users working from home, your cyber security cannot rely on your users being in a particular location or using a certain device anymore.

Previously, the focus was on asset protection and ensuring that systems in your data centre or in your organisation were secure. This mainly involved employing controls such as firewalls, endpoint controls, and anti-virus within your network.

Today, with the propagation of data and information that now exists far outside the traditional network, ensuring visibility and control of your users and data based on identity and context becomes a crucial part of your cyber security strategy.

One concern with the speed at which cloud and other innovative technologies are adopted is that it often outpaces the evolution of security technologies.

According to Crowd Research Partners, 84% of organisations say traditional security solutions do not work in cloud environments.

If you have made the move to cloud, you need to acknowledge the differences in security controls between cloud and on-premises infrastructure, and assess how that changes your security requirements. Ask which legacy controls can be brought across to the cloud, and which can be modified for the migration.

What is Zero Trust?

Cyber security best practices are now moving towards a Zero Trust model, or identity-based control.

Zero Trust moves away from the traditional idea of perimeter security, where inside is trusted and outside is not. Organisations need to examine each transaction in its entirety.

This means that every transaction and movement of company data should be based on the identity of the person, and the context around the person.

Cyber security professionals need to build up a holistic image of the user: who is connecting, where they’re connecting from, what device they’re using, what time of day, what information they’re accessing, etc. From there, they should construct a comprehensive picture and apply controls to that particular user’s context and identity.
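
As an added illustration (not from the original article), the per-transaction evaluation described above can be sketched as a policy decision function. The resource names, groups, countries, working hours and risk thresholds are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import time

# All names, thresholds and sample values below are constructed for illustration.
@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset      # who is connecting
    country: str           # where they are connecting from
    device_managed: bool   # what device they are using
    local_time: time       # what time of day
    resource: str          # what information they are accessing
    mfa_passed: bool = False

# Hypothetical resource catalogue: required group and sensitivity level.
RESOURCES = {
    "wiki":    {"group": "staff",   "sensitive": False},
    "payroll": {"group": "finance", "sensitive": True},
}
EXPECTED_COUNTRIES = {"GB", "IE"}
WORK_HOURS = (time(7, 0), time(19, 0))

def decide(req: Request) -> str:
    """Return 'allow', 'step_up' (require MFA) or 'deny' for one transaction."""
    res = RESOURCES.get(req.resource)
    # Default deny: unknown resource or identity not entitled to it.
    if res is None or res["group"] not in req.groups:
        return "deny"
    # Count context signals that deviate from the expected pattern.
    # Network location ("inside" vs "outside") is deliberately not a factor.
    risk = 0
    risk += req.country not in EXPECTED_COUNTRIES
    risk += not req.device_managed
    risk += not (WORK_HOURS[0] <= req.local_time <= WORK_HOURS[1])
    # Sensitive data is never served to an unmanaged device.
    if res["sensitive"] and not req.device_managed:
        return "deny"
    if risk == 0 and not res["sensitive"]:
        return "allow"
    # One anomaly, or any sensitive resource, requires fresh MFA.
    if risk <= 1:
        return "allow" if req.mfa_passed else "step_up"
    return "deny"
```

The same identity can receive a different decision on each request, because the outcome depends on the context of that transaction rather than on where the user sits in the network.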

Different companies will have different concerns; it depends on where the company is in its maturity and the systems it has in place.

Our security consultancy team helps organisations to develop information security frameworks that ensure each element is addressed and your organisation is covered from a practical control point of view, be it network-based controls or user authentications.

We also take into account the governance front; our ISO consultants have deep-domain expertise in cyber security and data protection, and specialise in implementing change control management, patch management, and identity management.