DATA SECURITY
A CONJOINT APPROACH: USER-CENTRIC AND DATA-CENTRIC SECURITY By Dan Solomon, Director of Cyber Risk And Resilience Services, Optimal Risk Management and Arye Gickman, C.E.O, Longsight
T
he mobility of the workforce has brought new demands for anytime, anywhere access to confidential information and enterprise systems. New technologies have led to a flurry of new devices and applications, enabling new capabilities and greater productivity for the enterprise, both in terms of its own operations, but also in the management of its supply chain. As the pace of change in enterprises has accelerated, the challenge of guarding against the dangers to enterprise assets has grown even more rapidly, as the reality has become exponentially more complex. According to the SafeNet 2014 Survey, 74% of IT decision-makers still believe that the security perimeter will protect them from all security threats. At the same time, it was found by the 2014 Mandiant Study, Cybersecurity’s Maginot Line: A Real-World Assessment of the Defence-in-Depth Model, that 97 72 CYBER SECURITY REVIEW, Autumn 2015
percent of businesses have already been breached whether they know it or not. The consensus in dozens of other studies is that the majority of recent attacks can be characterised as “internal”. These findings are quite ironic and speak directly to a level of delusion that is plaguing the IT security profession, and the failings of long-established doctrine for defending a network. The irony is that despite these facts, organisations still invest significantly in the perimeter enforcement; with little attention to the fact that today’s perimeter borders are almost impossible to define. The number of ingoing and outgoing engagement points to the fact the enterprise is changing on an hourly basis. Companies are striving to define and apply security measures that will best protect data, based on their specific business priorities. In doing so, IT staff need to anticipate the evolving nature of the threats and security needs, and are faced with a complex choice