A fundamental shift in security

Thursday, 01 April, 2010

For a number of years, the security industry built effective defences from security threats using technologies including firewalls, anti-virus software and intrusion prevention systems. However, today, the majority of security threats have moved to the web instead of through email, and attackers’ techniques have matured. This shift, coupled with the proliferation of collaborative Web 2.0 sites, has changed the threat landscape and the way businesses need to think about security. Websense’s Adam Bradley* walks us through the changing landscape.

Today’s attacks are targeted and stealthy - aimed at stealing specific data instead of taking down a company’s infrastructure. Traditional security for the network and devices is no longer enough to combat the myriad threats towards businesses’ essential information. In today’s environment, organisations need to take a data-centric approach to their security strategy.

No longer is the purpose of a security attack to wreak havoc and overload networks. Today’s attackers are focused on quietly gaining access to and stealing corporate, personal and other confidential data. The insider threat to data is also real. Most of the time, data is lost is due to broken business processes and employees trying to do the right thing but circumventing the protected network, such as sending source code to their home webmail address to complete an outstanding project.

There are three key factors shaping the security landscape which, combined, are leaving company data at risk of loss or open to the latest threats. With Web 2.0, web content is no longer vetted and controlled by professionals. Of the top 100 websites, over 90% of these are Web 2.0 sites including social networking and search engines, with content generated by anyone from anywhere. Work is no longer confined to a time, physical place or device. In addition, enterprises now exchange data using a complex value chain over the internet rather than simple point-to-point connection which has a higher risk of data leaking out of an organisation as a result of broken or insufficient business processes.

Despite this exposure to security risks, businesses understand they need to allow employees access to these Web 2.0 tools to use in a productive and safe manner. Shutting off access to these sites is no longer a viable solution as organisations need to harness the benefits of the Web 2.0 world.

In order to allow the safe and productive use of new Web 2.0 technologies while protecting essential information, businesses need to deploy technologies that provide real-time analysis and reputation management of the web. Businesses should also employ technology that sets and enforces policy settings for web and data use. A contextual understanding of data is also a must when implementing an integrated data security strategy. Knowing who is sending information, what it is, where it is going and how it is getting there is essential to defining if data is being used correctly or not.

By bringing together the processes and technologies into the information assurance life cycle to protect data, organisations can be more secure yet allow their employees increased freedom to use Web 2.0 sites for work and leisure.

Vendors that combine web and email intelligence and real-time analysis with data security can provide customers with the level of context needed to implement informed, defined data protection strategies. By pulling these elements together with training, processes and good internal audit, a data-centric security strategy will protect an organisation’s essential information in today’s world of Web, Employee and Enterprise 2.0.

* Adam Bradley was appointed Managing Director for Websense Australia and New Zealand, based in Sydney, in April 2010. He has more than 15 years of experience in the IT industry and is responsible for driving Websense’s sales operation in the ANZ region to support company and channel partner business growth. Bradley originally joined Websense in 2002 and for the past three years was Websense Senior Regional Sales Director for the UK, Ireland and South Africa. During this time, he helped many organisations discover the right combination of web, messaging and data security solutions to tackle, head on, modern day security threats.

Bradley started his IT career in various roles encompassing technical/pre-sales and sales management across consumer, reseller partners and software vendors, giving him a deep understanding of the high-tech market and customer needs.