Security Think Tank: Collaboration without compromise

What is the best approach to increasing collaboration without reducing security in an enterprise?

Dave Clemente

Published: 07 May 2014 13:34

Information is growing at an exponential rate, in terms of volume, velocity and variety, yet the resources to secure this environment are only increasing at a linear rate. Given this imbalance, how can enterprises collaborate – internally and externally – and be confident their information is secure?

One initial step is for enterprises to clearly understand their internal challenges. Policies may be lagging behind work practices, resulting in valuable data leaking into less secure environments.

Are employees collaborating in stealth, for example, through personal cloud services such as Dropbox due to lack of equally efficient corporate alternatives? Are they redirecting work email to private accounts to work more flexibly?

The answers to these questions are usually sobering, but it is a necessary step to identify, assess, and treat information risk. There are a number of tools available, including the ISF’s Information Risk Analysis Methodology, to help organisations find the right balance between risk and reward.

The next step, after greater internal clarity, is to analyse external information risk – ie risk arising from relationships with partners and suppliers. Supply chains are an integral component of business operations, and for them to function efficiently an organisation needs to share a range of valuable and sensitive information with its suppliers.

The costs can be significant when this risk is not managed properly. One example is the late 2013 data breach suffered by US retailer Target, made possible when hackers used compromised credentials from a trusted supplier to access Target’s corporate network.

Managing supplier risk requires comprehensive due diligence, particularly in the opening stages of a relationship, which is an area covered by the ISF’s Supply Chain Assurance Framework.

Ultimately the companies that remain competitive are those that can adapt their resources to the exponentially growing challenges of information risk.

Dave Clemente is a Senior Research Analyst with the Information Security Forum

Security Think Tank: Collaboration without compromise

What is the best approach to increasing collaboration without reducing security in an enterprise?

Read more on IT risk management

5G one of several security challenges to CNI

Security Think Tank: Put collaboration on 2019 security agenda

Security Think Tank: Focus on security before app deployment

Security Think Tank: Passwords alone are not good enough

SearchCIO

3 steps to recalibrate a strategic IT roadmap

Experts predict hot enterprise architecture trends for 2021

Cloud, security top list of IT spending priorities

SearchSecurity

Standardize cybersecurity terms to get everyone correct service

SolarWinds breach news center

Adopting threat hunting techniques, tactics and strategy

SearchNetworking

SolarWinds: Lessons learned for network management, monitoring

7 key SD-WAN trends to evaluate in 2021

10 network security tips in response to the SolarWinds hack

SearchDataCenter

IBM revenues head south again as hardware, services sales dip

Get a template to estimate server power consumption per rack

When the chips are down, Intel turns to VMware's Pat Gelsinger

SearchDataManagement

Enterprise data lakes hold the key to actionable insights

Data fabrics help data lakes seek the truth

Kyligence builds out data cloud for OLAP and big data