PHOTO - Benjamin Mah, director, business development, enterprise security, Oracle Asia Pacific.
Getting back to security basics with a unified security platform approach can help organisations meet compliance standards while fostering innovation from the increasing trend of employees bringing their own devices, according to IT solutions provider Oracle Malaysia.
Speaking in Kuala Lumpur, 6 March 2012, Oracle Asia Pacific director, business development, enterprise security, Benjamin Mah, said: "We recently asked key chief security officers (CSOs) around the world what keeps them awake. Their responses could be summed up with three pillars of concern: dealing with threats, meeting tougher compliance requirements and not missing opportunities provided by cloud computing, mobile access and globalisation."
"Insider threats appeared particularly high on their agenda, as the number of these are rising and comprise insider fraud, and compromise of data privacy," said Mah. "The Verizon 2010 Data Breach Investigations report showed that 48 percent of threats came from insiders, accounting for 92 percent of stolen records from database servers, while 89 percent of records were stolen by using SQL [structured query language] injection and 86 percent consisted of stolen credentials acquired by hacking."
"The rise of the BYOD [bring-your-own-device] trend, while increasing work flexibility, also opens up an organisation to more vulnerabilities, and traditional firewalls are not enough of a solution," he said. "The McAfee Threats Report Fourth Quarter 2010 shows a 46 percent increase on mobile attacks on 2010 compared to 2009. A Network World finding in January 2011 included the indication that 59 percent said employee behaviour on social sites can endanger corporate security."
Mah said CSOs faced the challenges within a fragmented business and IT environment of how to control insiders and report anomalous behaviour, while ensuring data was protected against multiple threats and intrusions. "Poor reporting is a root cause of tracking, of missing anomalies and potential breaches. Threats are increasing in sophistication with social engineering tactics that target individuals."
Companies have to adapt
"With cloud computing, mobile devices and social networking, CSOs need to find a way to adapt to the changes with digital forensics and heightened visibility into their organisation's IT activities," said Mah. "In addition, CSOs need the ability to develop and deploy changes more rapidly."
"Knowing your users and how they authenticate themselves onto your network, as well as knowing their roles and what accessibility they are supposed to have, while staying compliant with accurate auditing and reporting requires a unified security approach," he said. "Identity management has evolved with the adoption of cloud computing and mobile computing by upscaling of IDs, authentication process, as well as the enhanced management and monitoring of behaviour (risk management)."
Sign up for Computerworld eNewsletters.