By Dr Guy Bunker.
Earlier this week I attended two conferences. The first was Digital Risk Management in Financial Services. I moderated a panel session on Governance where we covered everything from EU legislation to the problems with identity. The second was the AGC Partners Growth conference, at which I was a panel member and the topic was future cyber solutions.
There were two things that struck me that were apparent at both events. The first was that there is no silver bullet and one size doesn’t fit all. There is, in my opinion, a challenge for organizations big and small to find a set of solutions which provide the in depth defence required to keep information (and systems) safe while remaining cost effective - not only to deploy and configure, but also to maintain. Let’s remember that the vast majority of organizations have between just 0 and 3 IT staff, so solutions need to become increasingly sophisticated to hide the underlying complexity that is required to address the security threats of today. As a developer it is very easy to forget that the system administrator does have other things to do than look at your product alone! (And yes, I have been there…) So there is a real challenge to provide clear, understandable self service solutions to today’s increasingly complex security threats without requiring a team of security experts to install and maintain them.
The second topic that came up at both events is how difficult it is to protect information - if you don’t know anything about the information. What is its value to the organization? Who is accessing it? And from where? How is it being communicated? Where is it being stored? What should seem like an easy set of questions to answer is in fact so hard that very few organizations (I would say none) have anything but the vaguest idea about. The problem is further compounded by BYOD and the cloud, as the devices and IT have now moved away from the organizations control. When it comes to good information governance, organizations need to be able to understand the content and risk of the information they have no matter where it is stored, so that they can then manage and control it appropriately… and next generation cyber solutions need to enable them to achieve this.
Today I’ll be at the Cheltenham Cyber Security Conference. I’ll be sharing a journey through cyber-threats old and new and looking at some simple, but effective, approaches to combating them. For those of you that aren’t attending I’ll be sharing some insights in next week’s blog.