A new white paper from the multi-factor authentication product company Swivel Secure, titled ‘The IT Security Risk Assessment: The Elephant in the Boardroom’, looks at how transformative technologies such as the Internet of Things (IoT), cloud and mobile could, it is claimed, derail enterprise security entirely unless a new enterprise-wide approach to assessing risk is adopted by the board and the IT and information security (IS) departments.
The paper explores the security challenges facing IT and IS departments as they seek to integrate the new with the old without affecting the user experience or system performance. As department-specific cloud-based services proliferate, enterprise IT decision making is shifting away from the traditional IT and IS departments, and as a result systems and data security vulnerabilities are disappearing from view, according to the paper.
Chris Russell, CTO, Swivel Secure, says: “As companies increasingly move to using BYOD and the cloud, IT and IS departments must remain central to both the selection and the migration process, if they are to prevent security chaos. In recent years, the number of devices and cloud gateways used to access corporate data have rocketed. What can seem like an obvious strategic move to the board, like using digital transformation to cut costs and promote productivity, can present serious risks to the firm’s data security. Unless the board learns from the mistakes of BYOD, the coming of the Internet of Things could make an already bad situation dramatically worse. A fresh approach to the culture of risk is needed if tomorrow’s enterprises wish to strike an appropriate balance between protecting their data and harnessing transformational technologies.
“By increasing the number of gateways onto the corporate network, IoT implementations risk creating a new wave of fresh vulnerabilities. Reputational and financial damage loom large for companies that embrace IoT without taking steps to ensure that full visibility, security management and proper development practices remain central to the evolution of their systems.”
The paper contends that only by taking a fresh and rigorous approach to estimating risk can companies mitigate unacceptable security issues and guard their sensitive data and assets. Any such risk assessment must take a holistic view of the entire business, including areas of digital transformation, to assess what is ‘business-critical’. It must then implement policies and procedures, including risk-based adaptive multi-factor authentication, that must be adhered to at all levels, but which are also flexible enough to cater to business strategy needs.
The paper is aimed at IT and IS, executives and board members advocating digital transformation, and is available free from http://swivelsecure.com/adaptive-authentication/.