Security Think Tank: Collaboration without compromise

What is the best approach to increasing collaboration without reducing security in an enterprise?

Dave Clemente

Published: 07 May 2014 13:34

Information is growing at an exponential rate, in terms of volume, velocity and variety, yet the resources to secure this environment are only increasing at a linear rate. Given this imbalance, how can enterprises collaborate – internally and externally – and be confident their information is secure?

One initial step is for enterprises to clearly understand their internal challenges. Policies may be lagging behind work practices, resulting in valuable data leaking into less secure environments.

Are employees collaborating in stealth, for example, through personal cloud services such as Dropbox due to lack of equally efficient corporate alternatives? Are they redirecting work email to private accounts to work more flexibly?

The answers to these questions are usually sobering, but it is a necessary step to identify, assess, and treat information risk. There are a number of tools available, including the ISF’s Information Risk Analysis Methodology, to help organisations find the right balance between risk and reward.

The next step, after greater internal clarity, is to analyse external information risk – ie risk arising from relationships with partners and suppliers. Supply chains are an integral component of business operations, and for them to function efficiently an organisation needs to share a range of valuable and sensitive information with its suppliers.

The costs can be significant when this risk is not managed properly. One example is the late 2013 data breach suffered by US retailer Target, made possible when hackers used compromised credentials from a trusted supplier to access Target’s corporate network.

Managing supplier risk requires comprehensive due diligence, particularly in the opening stages of a relationship, which is an area covered by the ISF’s Supply Chain Assurance Framework.

Ultimately the companies that remain competitive are those that can adapt their resources to the exponentially growing challenges of information risk.

Dave Clemente is a Senior Research Analyst with the Information Security Forum

Read more on IT risk management

5G one of several security challenges to CNI 5G technology is among the key security challenges facing critical national infrastructure and all other business organisations, according to the Information Security Forum

Security Think Tank: Put collaboration on 2019 security agenda At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not

Security Think Tank: Focus on security before app deployment What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?

Security Think Tank: Passwords alone are not good enough In the light of the fact that complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough?

Security Think Tank: Cyber security is everyone’s responsibility How can information security professionals help organisations to understand the cyber risks across increasingly digital businesses?

Security Think Tank: Password management tops list of access control issues In the modern business environment, what are the most common access control mistakes and how best are these corrected?

Security Think Tank: Collaboration without compromise

What is the best approach to increasing collaboration without reducing security in an enterprise?

Read more on IT risk management

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

Transforming operations for successful cloud adoption

IT workforce skews younger, says analysis of US data

Top edge computing trends to watch in 2020

SearchSecurity

Google expands multiple Chrome password protection features

RSA teams up with Yubico for passwordless authentication

Pentagon CMMC program to vet contractor cybersecurity

SearchNetworking

Consider these 5 FAQs for network monitoring best practices

Cisco's Silicon One networking chip targets cloud data centers

7 factors to consider in network redundancy design

SearchDataCenter

Refresh your data center cooling lexicon

Comparing Linux distributions: Red Hat vs. Ubuntu

Get eco-friendly with LEED data center certification

SearchDataManagement

Amazon Managed Apache Cassandra Service stokes competition

Aerospike 4.8 advances database persistent memory support

Data warehouse technologies evolve as vendors look skyward

Read more on IT risk management

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.