When you lock up your house for the evening or if you are going away, you make sure that all points of entry are locked. If your home is to be targeted by a thief, they will probably not try the front door, but instead look for a vulnerable spot to enter (maybe the sliding door in the back or an open window if the season permits). It’s well known that in order to keep your family safe from intruders, a number of security measures need to be taken - locking the front door is not enough.
Cyber security is not much different. Your content, data, information, passwords, etc. are all vulnerable if they are not protected properly. Fifteen years ago, you could secure your network with an anti-malware solution and “rest easy” knowing that the network was surrounded by a protective barrier. However, hackers kept up with their work and found other ways in. The email gateway, unsecured ports, and other network holes were targeted (successfully), and IT responded with more security systems, more monitoring devices, and on it went.
Security is not just an IT issue, it is a business issue. Security does not just mean network, perimeter, and gateway anymore, it also means data, content, and information. In order to cover all the basis, IT needs to work with other areas of the business to deliver an integrated security solution that will allow for everyone to be equally protected from the variety of attacks that could come at any point.
Risk and compliance teams span the gap between IT and the rest of the business. Security monitoring devices now allow the CISO to watch the perimeter (like a guard might do) and warn the team if intruders are approaching the gates or if something suspicious is about to occur. Monitoring systems allow the CISO to be proactive, giving them the ability to warn the business units of potential attacks before they happen. The risk and compliance teams work to monitor these systems and communication efforts to be sure they are effective and up to the latest standards. Having multiple security measures in place that integrate with one another, making sure that all bases are covered at all times, makes for a very secure environment and one that is hard to break into.
Now that the outside is secure – what about the inside? Why do we use safes for our valuables? Why do we hide things? Christmas is just around the corner and I am more concerned that my kids will find their Christmas gifts than I am about my house being broken into, to be honest! Securing your content and data internally is just as important as securing them from the outside. Your employees can unintentionally cause a data breach, and if you do not have the right internal monitoring or authentication tools in place, it can cost you just as much as an external breach – or more. The average cost of a single record breach is reported to cost $160 per record, while a full out breach cost an average of $5.9 million in 2014.
Integrating your security systems in an enterprise environment is going to require careful coordination between the needs of the business and the abilities of your IT group. Choose technologies that leverage flexible API’s so that you can customize your IT security to integrate with the systems that the business needs to use. For example, integrating a content security solution with your CRM or DMS. Ensuring that the business systems can communicate with the security systems will make security monitoring easier and more effective; open communication is always better – in systems and in people.
In a world of BYOD, cloud based solutions, and telecommuting, the kind of data and information we need to secure goes beyond that of the business. Our personal information and data is getting mixed up in all of these systems too. Tackle security in an integrated way and work with your entire team to make sure you are covered. If an employee’s laptop or phone is stolen, the company is at risk AS WELL AS that employee’s personal info. Don’t just rely on the IT team or the C-suite to ensure security compliance. Make every department and every employee responsible for security and be prepared to hold them accountable. Communicate your security strategy clearly and make sure your entire organization understands their part. IT security is central to the business now – businesses crumble without it. Make sure that everyone is on the same page and all your systems are working together.