Achieving IT security today is akin to seeking the Holy Grail. We spend heavily on security software and compliance processes, and yet hear weekly of yet another company losing corporate emails or customers’ personally identifiable information to disgruntled insiders or increasingly sophisticated hackers.
With the explosion of mobility and cloud, corporate IT no longer controls data access and data sharing. But IT security is possible today. In this slideshow, Quest Software will explore the challenges of securing today’s computing environment, while discussing “closed-loop identity and access governance” — a model to secure your organization’s most valuable asset, its data. This includes intellectual property such as trade secrets, research data, customer information, and privileged communications.
Many end users equate the cloud with ease and convenience, but they give little thought to long-term security. The benefits of cloud are immediate, so its potential vulnerabilities down the road receive little consideration.
A good example is the team of non-IT employees who require the ability to collaborate and share project files. Put yourself in their shoes. The option we’d like them to take is to ask IT for an appropriate location to store all their files, such as a SharePoint site. The site could be made accessible only when they’re on the network, so, if anyone on the project leaves the organization (is terminated or resigns to work for a competitor), they immediately lose access to that site, since they’re no longer on the network. Going through IT, however, could take some time and require approvals, further explanations and justification (or, in the eyes of the end user, “red tape”).
Their other alternative is to set up a free Dropbox shared folder in less than two minutes, with no approvals, requests or oversight required. It’s hard to blame users for taking the easiest route. What they probably aren’t considering is the risk involved: in a large company, it can take days before people hear of co-workers leaving, and, when they do, are they really going to stop and remember that the former employee had access to their Dropbox folder six months earlier? Likely not.
We know the consumerization of IT is real; it exists and it’s growing every year. So, what are today’s IT professionals to do? The answer is to focus protection on the data, not the device used to access the data. It’s the data that is of true value to your organization. A laptop or smartphone can be replaced at little cost in the grand scheme of things, but a list of your customers’ names and credit card numbers is, undoubtedly, of much greater value to your company.
How do you focus protection on data, rather than the device? By following a closed-loop identity and access governance model. This means management should define, enforce and audit identity and access policies, which, to work properly, requires collaboration between business management and IT operations. The business needs to decide what constitutes sensitive data, and who should be permitted access to it.
IT operations then can work toward finding easy solutions for end users to effectively and efficiently adhere to the policies (there are ways to make it much easier for end users to save their sensitive data on the network, so they don’t have to resort to using Dropbox for collaboration with co-workers).
Finally, the business and IT should collaborate on regular attestations of who has access to sensitive data, and where it is stored, to ensure both sides of the enterprise are following the established policies, thus closing the loop.
The key to meeting the challenges presented by cloud and BYOD is for management and IT to focus on the data, and, in doing so, put themselves in the shoes of their end users to truly understand their choices and behavior. That perspective will position them on a much better path to success.