Security Think Tank: Collaboration without compromise

Information is growing at an exponential rate, in terms of volume, velocity and variety, yet the resources to secure this environment are only increasing at a linear rate. Given this imbalance, how can enterprises collaborate – internally and externally – and be confident their information is secure?

One initial step is for enterprises to clearly understand their internal challenges. Policies may be lagging behind work practices, resulting in valuable data leaking into less secure environments. 

Download this free guide

From forensic cyber to encryption: InfoSec17

Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

Are employees collaborating in stealth, for example, through personal cloud services such as Dropbox due to lack of equally efficient corporate alternatives? Are they redirecting work email to private accounts to work more flexibly?

The answers to these questions are usually sobering, but it is a necessary step to identify, assess, and treat information risk. There are a number of tools available, including the ISF’s Information Risk Analysis Methodology, to help organisations find the right balance between risk and reward.

The next step, after greater internal clarity, is to analyse external information risk – ie risk arising from relationships with partners and suppliers. Supply chains are an integral component of business operations, and for them to function efficiently an organisation needs to share a range of valuable and sensitive information with its suppliers.

The costs can be significant when this risk is not managed properly. One example is the late 2013 data breach suffered by US retailer Target, made possible when hackers used compromised credentials from a trusted supplier to access Target’s corporate network.

Managing supplier risk requires comprehensive due diligence, particularly in the opening stages of a relationship, which is an area covered by the ISF’s Supply Chain Assurance Framework.

Ultimately the companies that remain competitive are those that can adapt their resources to the exponentially growing challenges of information risk.

Dave Clemente is a Senior Research Analyst with the Information Security Forum

More on secure collaboration:

Security Think Tank: Enable collaboration by putting data at the heart of security