Reviewing & Maintaining A Best Practices Cyber Security Strategy
By: Richard Cassidy
Cyber attacks are daily news, and yet advanced security and compliance are often not considered a fundamental requirement when moving critical applications to cloud and hosted environments.
Many companies deploy point technologies, such as firewalls, but stop there.
This lack of security planning and strategy would halt any bricks and mortar business (e.g. a retail store wouldn’t open without windows, doors, locks, security guards, CCTV, burglar alarms, etc.), yet the equivalent measures (e.g. network monitoring, log management, vulnerability assessment, application firewalls, threat intelligence) generally fail to make it onto the agenda in a virtual world, where the threat landscape is constantly evolving and the methods of hackers are becoming increasingly bold.
The challenge with security not being on the agenda is that the threats and risks to your business are not on your radar. No-one is evaluating them or weighing them up against business-critical priorities (such as maximizing uptime and availability of your apps), and no-one is taking ownership or responsibility for figuring out and implementing a strategy that mitigates those risks for your business.
In a cloud environment this goes a step further, with many customers believing they don’t need to understand the security threats to their business as they expect their cloud or hosting provider to be responsible for the security and compliance of their applications and business critical data.
This is an incorrect assumption, with potentially devastating impacts:
- Europe is the top cyber-crime region in the world
- 76% of breaches occurred from intrusions exploiting weak or stolen credentials (Verizon Data Breach Report, 2015)
- 65% of compromises remain undiscovered a month after they occur (Verizon DBR 2015)
Taking a proactive, strategic approach to evaluating your cyber security strategy is critical. It starts with understanding what the impact would be on your business if you were the victim of a cyber attack, and how you would be able to bounce back from it. Only then can you determine what risks you are happy to accept, and identify the people, processes, and technologies that are needed to plug the gaps for any that you aren’t.
Upon evaluating this in-depth, many customers come to the conclusion that they would also like to leverage a security-as-a-service portfolio rather than trying to do it themselves.
This commissioned Forrester Total Economic Impact Study™ provides a framework in which to evaluate the financial impact of implementing in-house security versus Security-as-a-Service.
Originally published at www.alertlogic.com.
About the Author
Richard Cassidy has worked in the Cloud Infrastructure, Cloud Security, Cloud Services, MDM, Core Networking, Security, and Virtualization markets for over 16 years, working with customers across every vertical from small office through to multi-national corporates, manufacturers, government, military, finance, and retail organizations. In his role as an expert product lead and technical evangelist for Alert Logic solutions, he is responsible for developing and implementing the technical strategy for international business.