Security Think Tank: Collaboration without compromise
What is the best approach to increasing collaboration without reducing security in an enterprise?

Information is growing at an exponential rate, in terms of volume, velocity and variety, yet the resources to secure this environment are only increasing at a linear rate. Given this imbalance, how can enterprises collaborate – internally and externally – and be confident their information is secure?
One initial step is for enterprises to clearly understand their internal challenges. Policies may be lagging behind work practices, resulting in valuable data leaking into less secure environments.



Are employees collaborating in stealth, for example, through personal cloud services such as Dropbox due to lack of equally efficient corporate alternatives? Are they redirecting work email to private accounts to work more flexibly?
The answers to these questions are usually sobering, but asking them is a necessary step in identifying, assessing and treating information risk. There are a number of tools available, including the ISF’s Information Risk Analysis Methodology, to help organisations find the right balance between risk and reward.
The next step, after greater internal clarity, is to analyse external information risk – ie risk arising from relationships with partners and suppliers. Supply chains are an integral component of business operations, and for them to function efficiently an organisation needs to share a range of valuable and sensitive information with its suppliers.
The costs can be significant when this risk is not managed properly. One example is the late 2013 data breach suffered by US retailer Target, made possible when hackers used compromised credentials from a trusted supplier to access Target’s corporate network.
Managing supplier risk requires comprehensive due diligence, particularly in the opening stages of a relationship, which is an area covered by the ISF’s Supply Chain Assurance Framework.
Ultimately the companies that remain competitive are those that can adapt their resources to the exponentially growing challenges of information risk.
Dave Clemente is a Senior Research Analyst with the Information Security Forum