Enterprise security’s ever-expanding requirements

  • An overconfidence among network professionals can leave systems vulnerable to attack.

  • Survey results suggest that many organizations' security plans from just a short time ago may already be obsolete.

  • Continuous assessment may be beyond an organization's abilities, but security specialists can help.

The world of business security changes constantly. The use of technology (and the accompanying business requirements) is expanding, and technical providers are shifting. Delivering products and services now takes an aligned ecosystem, not a business running in isolation as was the case in the past. Following are a few reasons and reminders why you need continuous assessment of your security vulnerabilities in today’s technology landscape.

An illusion of control can leave systems vulnerable

Even for in-house data protection, many known vulnerabilities are left unaddressed. In a 2014 paper from BitSight® titled “Continuous Third-Party Security Monitoring,” a surprising level of overconfidence among network protection professionals was evident. This illusion of control is potentially leaving systems vulnerable to attack. Of the surveyed IT decision makers, 59 percent indicated a desire to track and monitor. “Yet across those same (respondents), an average of only 22 percent were tracking with monthly or greater frequency,” the paper reported.

The study found over 70 percent of the organizations that fell into this subset were still vulnerable to the POODLE exploit in the SSL 3.0 encryption protocol, and another 38 to 51 percent were susceptible to the FREAK vulnerability. Both are known issues that already should have been addressed. This is evidence that even security plans from just a short time ago may be obsolete.

BYOD and IoT bring new challenges

Business data is being shared across more types of devices, including mobile phones and tablets, with today’s Bring Your Own Device (BYOD) trend. These devices are easily lost or misplaced, which can leave data exposed. The information flow is also expanding to embrace a range of systems defined by the Internet of Things. The expanding business relationships and new technical tools increase the security attack surface. It is not enough to just protect your in-house data; the understanding, assessment, and protection effort needs to encompass the breadth of those that generate and consume the business’s information.

Security requires a proactive, structured approach

Some data needs to be encrypted at rest, as well as while on the move. It may seem that funds spent on security need to expand exponentially with the risks, but that’s not reasonable. Instead, a structured approach to understanding the importance of the data and how it is controlled is necessary. Not all data in the organization should be treated the same way; a triage approach is required.

Security needs to be assessed continuously and revised at least once a year. For a business to work, it requires reliable, timely, and secure information flow, and that may be beyond an organization’s current security planning. Network security consulting specialists may be required.

For more information on how AT&T can help with your enterprise’s security, visit AT&T Network Security.


Charlie Bess is an independent IT Consultant. He is the author of this blog and all opinions are his own. AT&T has sponsored this blog post.


