Information security is up to the top of the agenda, says Logicalis’ Jordan
If you ask yourself where your organisation and your technology are in relation to security, the answer is going to be ‘Behind’. It is hard to think of a single organisation today — even when you include state bodies and the intelligence and security community itself — that can be truly certain of being ahead of the threats and in complete control of all possible vulnerabilities.
Headline stories of spectacular data breaches have become almost commonplace, involving trusted brands like Apple, eBay, UPS and Booking.com, as well as Target and Home Depot, household names in the USA. What does not get much publicity, because it is presumed to be techy, is that most such breaches are the result of something basic in security not being applied or adhered to. Even giant multinationals can fail to implement recognised best practice.
A certain degree of fear is a perfectly appropriate response. On the other hand, be reassured: well over 90% of what any organisation needs to do in this world of threats is covered by standard operational ICT stuff and best practice in business procedures, including information management. We are talking about patching and updating of software and hardware, across the board but especially in security software and solutions. We typically find that patching is inconsistent, probably with different tools, and focussed only on certain designated core systems. Careful and systematic control of user access permissions is a business responsibility, enforced by IT, while encryption of at least the most sensitive data is best practice but still a minority activity.
Three out of four CIOs and IT leaders worldwide plan to make software-defined solutions part of their wider IT strategy, according to a new study that Logicalis conducted late last year. At the same time, most enterprises are challenged by the technical complexities of current trends like mobile and cloud. That can lead to patch management for existing and mission-critical systems, or even simple anti-virus updating, being neglected or postponed. Another related area is regulatory compliance, which affects every organisation and is becoming more complex and demanding all the time. EU business regulations alone are set to expand greatly this year and we are working with a number of clients to address these developments.
Every organisation is unique, marketing cliché though that is, and we believe the only way to work with clients is on a solution basis to meet their exact needs. That means working through the wide range of security technologies that could or should be used, from antivirus and firewalls to access control, intrusion detection, DDoS mitigation and the essential but unglamorous things like patch management and backup.
Those are all essential in some degree today, with variations because of the nature of the organisation and its activity. More and more, the best ongoing answer is investment in security IT and business best practice combined with an expert security partner and service provider. Whether the service is as simple as intrusion and event management or as complex as 24×365 full monitoring, for any organisation today, facing the world of threats alone is starting to go beyond brave towards foolhardy.
Patrick Jordan is general manager for enterprise technology solutions with Logicalis