Few would question the importance of making sure data is secure, but a technology-driven, single-dimensional solution focused on protection alone misses the holistic picture and may put a business at greater risk.
Clearly, the reality of information security today is very different from that of the past. The near inevitability of an information breach means a much more strategic approach is required to balance the paradoxical demands for data protection and for data accessibility for business growth.
Without a doubt, one of the key success factors of a business today is its ability to absorb a cyber-attack and carry on with business as usual.
What is information security?
Information security is the practice of defending information from unauthorised access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take, such as electronic or physical.
No tool or product that can be bought off the shelf can guarantee 100% information security. It is a process, not a product.
The risks
Now that we've discussed what information security is, it is equally important to understand the inherent risks if it is not implemented correctly.
Following on from recent security trends, cyber threats seem to be topping the charts, with cybercriminals demonstrating a higher degree of collaboration amongst themselves, and a degree of technical competency that has not spared even the largest organisations. Businesses, therefore, must be prepared for the unpredictable, gaining resilience to withstand unforeseen high-impact events. Regulations around collection, storage and use of information, along with severe penalties for loss of data and breach notification, mean there should be greater emphasis on how we protect our information.
BYOD (Bring Your Own Device) highlights the growing trend of employees bringing personal mobile or computer devices to work. Whether organisations like it or not, BYOD is here to stay, bringing more information security risks than ever before. These risks stem from both internal and external threats, including mismanagement of the device itself, external manipulation of software vulnerabilities, and use of unreliable applications.
Let's talk people. Employees are the greatest asset to any business, yet they can also be the greatest threat! We can even call them the ‘wildcard’, as the risks from people are real. Many organisations still fail to recognise the need to secure the human element of information security. In essence, people should be an organisation's strongest control.
Risk management
Risk management forms an integral part of the ISO27001:2013 standard. The process starts with the identification of risks, leading to the classification, analysis and prioritisation of those risks. Understanding the organisation’s information assets and where the sensitive data is stored is critical to performing an efficient risk management exercise. Having said that, understanding what data is critical to your organisation and what activities are abnormal is far more important; without that understanding, data loss prevention or information security management can’t work to its full potential.
This is the area HighQ has been concentrating on this month as part of our regular risk management exercise, to ensure we stay up-to-date with all our information security-related risks. Client data is paramount to HighQ, and information security means better business. HighQ has always recognised that security should form part of overall business risk management, and accordingly, has tried to integrate and align information security with the business strategy, objectives, business structure and style.
This year, the main focus in this domain will be to migrate to the 2013 version of the ISO27001 standard so we stay on top of all the controls necessary to protect our clients' data and incorporate industry standard security measures in every phase of the product, whether it be design, development or deployment. We will be focusing largely on the development of the security posture of the company and ensuring we stay compliant with all applicable security standards, laws and regulations.
Cloud and security
Despite the clear benefits of the cloud, many enterprises are still hesitant to fully adopt it or capitalise on all its advantages. There are a few key reasons for such hesitation, including the prevalence of data breaches and hacks in recent years, stricter data residency requirements across geographical boundaries, and internal restrictions brought about by company policies, industry requirements and consumers. There is little doubt, however, that the proliferation of business-improving cloud applications will continue to increase in the coming years and provide business advantages to those that adopt them. The question now becomes how hesitant enterprises can re-evaluate and begin adopting cloud, while adhering to the security demands they must meet.
The answer is the private cloud, providing both the advantages of cloud computing and ensuring the information security requirements are met. A leading provider of secure data room, extranet, collaboration, know-how and publishing solutions utilising the Software as a Service model, HighQ provides businesses with benefits such as single tenancy architecture, the option to choose the location where the business would like to host their data, encryption keys, hybrid cloud, and peace of mind by providing encryption for data at rest and in transit.