We asked four industry experts how IT leaders can manage expectations and evolve security strategies to keep pace with emerging trends. Here are their responses:
Anthony Spiteri, Senior Global Technologist at Veeam Software
The technology industry is an ever-changing beast. These days, if an IT team so much as blinks, it could miss an iteration of a platform, or new method of deploying a particular technology. This level of innovation cannot be maintained without an equal measure of education.
When it comes to security strategies, education should be the first step taken on the path towards resilience. Veeam’s 2021 Data Protection Report revealed that data outages put Australian businesses out of action for 86 minutes on average.
This confronting figure has the potential to rise if an IT team has not been educated on proactive methods to mitigate the risks of an outage. In the absence of the necessary skills and knowledge, panic and irreparable damage could ensue. To avoid being caught in a reactive position, it is critical that IT leaders fully understand the three main security attack vectors: Internet-facing services, phishing attacks and software vulnerabilities.
Once organizations know where the threats lie, they can approach training with strategies to refine IT and user security and implement the correct tools to ensure they are prepared for all eventualities. This will help IT administration isolate Internet facing services with backup components, integrate tools to assess the threat of phishing attacks to help spot and respond correctly, and inform users on recurrent updates to critical categories of IT assets, such as operating systems, applications, databases and device firmware.
Committing to educating a team is a not just a one-off event. It requires a consistent training and auditing program to ensure all members of the team are on the same page. Data outages can happen just as easily from inside an organization as outside – often simply as a result of human error. So, if businesses can easily mitigate these errors by enforcing regular compulsory training modules, why wouldn’t they?
It goes without saying that data downtime could have a catastrophic impact on an organization’s bottom line, but it could also lead to something far worse – reputational damage. Where a business might take a matter of weeks or months to recover from the financial blow, a black spot on a company’s reputation could linger for years, impacting customer loyalty and partner relationships.
In the absence of a silver bullet, businesses will need to plan ahead and invest time and resources into ensuring their IT leads can confidently deploy the most up-to-date security solutions to suit their newest technologies adoptions. Our IT teams are the heart of most businesses, and without their hard work in the back end to keep things flowing, the knock-on effect to other departments could be catastrophic and even fatal. So, in choosing to make your IT teams your priority, you are also choosing to prioritize your bottom line, your corporate reputation and the development of your staff.
Mark Lukie, Sales Engineer Manager – APAC, Barracuda
As businesses come to terms with operating in a post-COVID pandemic world, many are realizing that the issue of trust has never been more important.
It applies in a range of different ways. There needs to be trust within the business, with partner and suppliers and with the entire customer base. Businesses that fail to recognize this could find themselves increasingly losing out to better-prepared rivals.
A critical component of trust is robust IT security. Now that staff are more likely to be working away from the office for an extended period, ensuring they are protected at all times has never been more important.
When evaluating an organization’s existing levels of trust and security, there are a number of steps that need to be taken. These include:
- User awareness training: During the past 12 months, organizations have had to make large changes to operations in a very short space of time. Now that conditions are somewhat more settled, it’s time to ensure that all staff are on the same page when it comes to trust and security.
Conduct a series of training sessions during which the new ways of working are examined, together with the implications that changes have had for trust and security. Ensure all staff are aware of the roles they must play and the steps they need to take to ensure appropriate security measures are in place and operational.
- Highlight the threat landscape: Cybercriminals have been making the most of the changed work patterns and are actively targeting people who are working from home. Inform all staff of the latest attack vectors and the steps they need to be taking to avoid falling victim.
- Implement a zero trust security strategy: With large numbers of staff now working outside the traditional IT infrastructure perimeter, consider embracing the concept of zero trust to maintain effective security.
Zero trust requires users and the IT resources they are trying to access to be authorized before that access is granted. It is effective to ensuring solid security regardless of where staff happen to be located. It does require a full rethink of how security is achieved but acceptance is become more widespread.
- Assess cloud security measures: As organizations make greater use of cloud-based services and resources, time should be taken to ensure the security measures that have been put in place.
Required security will be more complex if a hybrid cloud approach has been taken. The tools deployed to protect existing on-premise applications and data storage devices will likely be different from those needed to secure cloud-based resources.
- Develop an ingrained culture of security and trust: To maintain effective security over an extended period, it must become deeply ingrained with an organization’s corporate culture. Constantly communicate with staff to ensure they know and understand what steps are being taken and why they are necessary.
By following these steps, an organization will be much better placed to ensure effective levels of both security and trust are maintained at all times. This will ensure operations can continue both during the COVID recovery period and during the months and years that will follow.
Mark Perry, APAC Chief Technology Officer at Ping Identity
In an increasingly competitive business world, delivering a compelling customer experience has never been more important.
From the moment a new customer first interacts with a business until well after they have made their purchases, the experience must be enjoyable, rewarding and as frictionless as possible. If this is not achieved, they’ll simply head elsewhere.
Interestingly, when they are critically assessing the state of the customer experience they are delivering, many companies are now looking beyond businesses that would be considered their traditional rivals.
For example, a bank may be taking steps to improve the experience of customers who make use of its mobile app. Instead of comparing that experience to those offered by other banks, they might instead look at what is offered by companies such as Uber or AirBnB.
This is because consumers have a certain level of expectation when it comes to interacting with all types of businesses. And, with a higher proportion of interactions now happening digitally, these expectations are on the rise.
Where once a consumer may have been prepared to put up with a clunky interface or poorly designed ordering process, this is no longer the case. They are demanding experiences that are consistent, dependable and simple to understand.
Consumers also have expectations when it comes to privacy. They want to be assured that any personal details they provide are stored securely at all times. They are also keen to know that the data won’t be held for any longer than required to complete the transaction or passed onto a third party without prior consent.
The critical role of security
Sitting at the heart of these rewarding customer experiences is the challenge of security and identity. Consumers need to be identified in ways that are effective without causing a barrier or speed bump in the transaction process.
For this reason, increasing numbers of organisations are shifting away from being reliant on passwords. A mainstay digital verification for many years, they are now making way for better and more streamlined alternatives.
In many cases, biometrics is offering a practical alternative. Rather than having to remember a complex password containing letters, numbers and symbols, a customer can instead provide a fingerprint or use facial recognition technology.
Another alternative being adopted is voice prints. A customer is recorded while dictating a set phrase and the recording is then analysed to create a unique audio print. This can then be compared to the voice of the customer the next time they call.
Such options can significantly improve the identification and authentication processes used by organisations in all sectors. Transactions can be streamlined and the quality of customer experience increased.
The bottom line is that identity and security have to be both effective and frictionless. Any authentication system must be easy to use and not create annoying delays in the transaction.
The organisations that crack the challenge of deploying an effective identity based security infrastructure in the coming months will be best placed to grow as market conditions improve. They will have achieved the goal of providing a compelling customer experience.
Steve Singer, Regional Vice President and Country Manager – Australia and New Zealand at Zscaler
Having passed the 12-month mark in this new era of remote and home working, IT teams remain focused on the challenge of ensuring effective IT security is in place.
Faced with massive changes in work practices when offices closed and needing to ensure that customer service levels remained in place, IT teams had to juggle multiple priorities and deal with seemingly impossible deadlines.
When it came to security, the task was particularly acute. Users were suddenly working with insecure home networks and BYOD devices. Ways had to be quickly found to allow them to access the centralised resources that they needed to get their jobs done.
IT teams have also been forced to spend time managing user expectations. What was relatively easy to deliver to an office-based workforce is now more complex to achieve. As a result, users had to be informed about the support they would receive and given timelines within which it could be delivered.
Now, with the longer-term effects of the pandemic becoming clearer, there is further work for the teams to complete. They must determine the best ways to achieve effective IT security in a world where remote working has become the new normal for large numbers of people.
Rethinking IT infrastructures
To effectively service large numbers of remote workers for an extended period of time, IT teams will continue to take a different strategy when it comes to security.
For the past 30 years, networks have been connecting users to applications in the data centre, which was surrounded by a secure perimeter that kept applications and data safe from outside attackers.
Now, with users connecting remotely and greater use of cloud-based resources, this approach is no longer able to solve the fundamental challenges of security and is actually adding complexity and cost.
Increasing numbers of organisations are instead adopting a different approach to the challenge. Dubbed Secure Access Service Edge (SASE), the approach has been identified by research firm Gartner as an effective way of achieving strong security for remote and dispersed workforces.
SASE places an emphasis on securing the traffic between the user and the application. In other words, it’s the journey and not just the destination that is most important. With the SASE model, digital businesses must provide security at all times, regardless of the location of the user in question.
SASE is being augmented by a second strategy called zero trust. Under this approach, users and devices must be identified before being allowed access to applications and data. This removes the need for a secure perimeter and makes sense in the current home working environment.
Zero trust also enables enterprises to truly isolate and segment who has access to what. This means no more shared spaces, as every access must be validated before it is enabled. This is done by simply bringing the user and the application together only for that particular communication and nothing further.
During the coming months, organisations that embrace the strategies of SASE and zero trust will be able to build a single way of working and be better prepared to cope with the ever-increasing set of events that can challenge business operations.
Staff can have secure access to the resources they need but without many of the restrictions encountered during the depths of the pandemic shutdowns.
This means that IT security teams will have succeeded in re-architecting their environments for the new way of working while meeting the changed expectations of their users.Click below to share this article