Security has become far more than just a small team of experts in a room securing information, applications, systems and services. We now live in a world where we all have to be smarter about security.
Imagine if someone tried to break into your house 60,000 times a day. That's how many times the average company's IT infrastructure is attacked each day. It has also been estimated that the volume of created content will quintuple in the next year or two - to more than 2.5 zettabytes (a zettabyte is a 1 followed by 21 zeros).
Seventy per cent of that content will be created by individuals who have no responsibility to secure it. However, most of the content they produce (85 per cent) will wind up in environments controlled by organisations that will have that responsibility.
So how can we be smarter when it comes to security? One of the main pitfalls is value and management of data. There is a common misconception that information is of no value to those other than who we choose to share it with. Whether it is a scanned piece of paper with a signature or birthday information, knowing the value of your information will help work out how much protection to apply.
For example, increasingly fraudsters and others have discovered both at a personal level, and at a business level, that many different attacks can be financially lucrative.
- Basic personal information such as email account passwords can be valuable to gain access to an email account send a link and have people in your network open the link to allow software to be installed that take over those machines and attack businesses.
- Business information, even as basic as sales data or even potential company deals or partnerships, can be of value if a fraudster wants to make money by getting early access to that information and investing appropriately.
The move to cloud computing
For a growing number of firms, recent economic disruptions have spawned new ways of thinking about information technology and smart systems.
In many ways, technology has moved from being a back office function and enabler of cost reduction, to a driver of growth and value. The adoption of cloud computing is one of the key enablers many companies are looking at to achieve this.
In a recent IBM survey of more than 2,000 midsize companies, two-thirds were either planning or currently deploying cloud-based technologies to improve IT systems management, while lowering costs.
As more companies adopt cloud computing to reduce costs and embrace new business models, the issue of security remains the number one inhibitor to adoption.
The Global Risk Survey found that 77 per cent of respondents believe that adopting cloud computing makes protecting privacy more difficult and 50 per cent were concerned about a data breach or loss.
When adopting emerging technologies such as cloud computing or integrating existing systems, risk mitigation should be a primary point of discussion. Taking a proactive approach to IT risk management will mean staying a step ahead of vulnerabilities to remain more secure and resilient.
It is clear that a one-size-fits-all approach to security in the cloud will not work. It is about getting the appropriate security in place for the workload that is being considered for the cloud. The fundamentals of security still apply.
Individuals and business still want to know where their information is, who's accessing it and how it is being used, so they can manage and protect accordingly. Working out where and how to apply security is core to delivering security for the cloud. Cloud security can be delivered as part of the cloud service and also as specific components added in to enhance security. Depending on your cloud provider it may be that a combination of both of these approaches is necessary.
Businesses, cities, communities, government departments and all of civil society share, and shape, our planet's critical systems and we live in a world where we all have to be smarter about risk awareness and security.