When a business does not focus on developing intelligent, relevant and informed strategies, chances are that firm will not last very long in the highly competitive and challenging markets of the modern era. Although IT strategies are becoming a bit more intelligent as time goes on when looking across industries and at companies of varied size classifications, one area that has seemed to be a major drag is security.
About five years ago, experts were arguing that relatively simple adjustments to policies and affordable solutions could dramatically reduce the risk of breach, and perhaps drive down the cost of damages should an event occur. For example, researchers found that BYOD - which was still relatively new at the time - did not need to be nearly as risky, but so many companies had virtually no technological or policy-based control of activity in place, making it a very dangerous trend.
Virtually every time a new movement in technology surfaces, be it cloud computing, mobility, big data or, more recently, the Internet of Things, questioning the trend's security appears to be the common approach. What would be more intelligent, safe and effective is to look internally and understand what the company's capacity for embracing these trends in a secure fashion entails, as no technology is in and of itself completely safe.
When looking at the measures taken to actually protect digital assets, it is all about the ways in which the solutions are used and managed, as well as the behaviors of staff and decisions of leaders. In addition to using reliable solutions such as email encryption software and secure cloud services, it might be time to begin focusing on the development of analytics-driven research into threats and risk mitigation, as the most intelligent plans tend to yield the strongest results.
A rising tide
Gartner recently reported that analytics solutions that specifically target security data could potentially be the most effective means of identifying intrusions and vulnerabilities in a timely fashion, and that this might become a common pursuit before long. Big data has already started to be viewed as a viable solution for a wealth of problems, ranging from small business marketing strategies to public health on the national scale in the United States.
Many larger companies have already started to invest more in advanced analytics to either better inform innovative endeavors, get more out of data generated by the Internet of Things or, more recently, improve security performance. Now, as the researchers pointed out, one specific use of analytics for security is the detection of breaches, which should be a high priority for virtually all organizations that handle sensitive information.
According to Gartner, more money is being allocated to security budgets in the average enterprise, and this might be where the funds eventually begin to stream once the finer points of analytics-enabled protection and visibility become more clearly defined. One of the firm's research directors, Eric Ahlm, explained his feelings on the matter, and why this might be a very sound investment for so many entities.
"Breach detection is top of mind for security buyers and the field of security technologies claiming to find breaches or detect advanced attacks is at an all-time noise level," Ahlm explained. "Security analytics platforms endeavor to bring situational awareness to security events by gathering and analyzing a broader set of data, such that the events that pose the greatest harm to an organization are found and prioritized with greater accuracy."
This might not be a viable option for all businesses today, but it should at least get the average leader thinking about how modern security threats need to be met, and the value of intelligent decision-making.
Intelligence sans analytics
There are plenty of pieces of common knowledge that have not yet been completely digested among business leaders, and they can have a profoundly positive impact on security performance once they are taken seriously. For example, if the firm is not using email encryption, yet it is sharing sensitive information through these communication platforms or discussing matters with clients or patients within the medium, it should begin doing so soon.
Email attacks remain highly common and effective, and most often involve a link that tricks the user into clicking, such as in an instance of phishing. If email security control and proper awareness training is offered to all employees, the chances of this attack working will be inherently lower.
If the business does not have the resources or expertise to maintain and protect a cloud computing asset in-house, it should seek out secure services from reliable managed service providers. While analytics-based IT defense is certainly exciting and will likely be more accessible down the road, simply obliging the tenets of common sense can be an exceptional approach to fall back on in the meantime.