Going back to the basics of IT security implementation
A recent article from Haythum Auda of CloudGo, our Cloud Computing consultancy
To use a simple analogy, building a strong foundation for a house means you can build one floor after another with no risk to security. Security infrastructure in IT needs to be rewired and strengthened at this level to support IT operations, rapid application and development with minimal additional risk to security, enabling rapid and evolving business growth.
We are suffering now, to some extent, from a legacy of thought that there were no security risks and threats to and IT infrastructure. The old mainframe computing model meant that only those with terminal access could change and run code and the security was largely governed by physical access to those terminals. The huge developments in connectivity with WiFi and VPNs and, essentially, the internet, means (and have meant for some time) that physical proximity of access is now irrelevant. It can be argued that the enthusiasm for application development and the world of the internet, ecommerce and mobile has relegated, in some parts, security development to a lower priority.
During the 80s, with companies such as Novell replacing the Mainframe computing model by with contributions to the large area networks, there was a need to expand the functionality of security infrastructure across organizations. Running a mainframe was expensive, companies such as Microsoft and IBM seized the opportunity and became serious market players in the network connected PC space, but even then, security was not a priority, only the advancement in technology. It was not perceived as something at risk, unlike today. It was always about budgets and short – term solutions competing with issues of security. With cursory nods towards anti-virus patching the fundamental foundations of a secure infrastructure were still being ignored.
IT today is fantastically accessible. And that is, at once, the whole point of large parts of it whilst and the biggest threat – the world’s largest technological dilemma is you like. A door isn’t enough, there is a need for a sturdy door with a robust lock that opens only when required. The landscape has fundamentally changed which requires us to go back and rethink the fundamentals of IT implementation. While there is no doubt that it is expensive and complex, it is imperative. Arguably the greatest threats faced by us today are cyber risks. Giving not enough considerations to the founding infrastructure of systems in the past was the problem – something that we realize today. Everything we now know means organizations must take a step back and look again at the fundamental components of their architecture and systems.
IT changes and technological advances at the end of 90s and during the early 00s, meant that breaches of security started happening on a large scale. More recent catastrophic cyber events called for a huge rethink and re-prioritization of security infrastructure. Organizations and individuals began to realize how cyber security infrastructure is key to the success of any business as the security maturity level of a company brings, not only the security itself, but also credibility to the organization.
With the vast amounts of data available today, and its increasing sensitivity, the core of dependable security lies in the strong architectural foundation of security infrastructure. Security is no longer a trade-off for convenience. As the attacks continue and become increasingly sophisticated, our approach and commitment to security infrastructure needs prioritising and tackling with the same enthusiasm as those looking to break it.
Where does your security sit? How mature is your current security? How resilient are you currently? These questions must be asked by each and every one of us.
The greater the immunity, the more resistance there is to the threat. And immunity comes from having a strong and fit body – a strong and fit infrastructure. Contemporary CIOs should be building a security strategy, taking the lead on restructuring security, and create and develop a culture of cybersecurity-first within the organization.
It’s not just a commercial issue of course and the IT systems that facilitate and support government operations are under a greater risk. It can be a disaster if security breaches happen with government related data. This article talks about current targeted attacks in South and Southeast Asia, proclaiming the importance of building an Information Security Infrastructure that is robust, resilient, and dependable.
There’s a stark bottom line here – you either have a robust security infrastructure, or you have CloudGo set one up for you!