The rapid advancement and adoption of mobile technology and the trend of ‘bring your own device’ have added new layers of complexity to protecting organisations and devices at work, says security technologies company BT Africa information technology (IT) security head Alessandro Postiglioni.
“Creating security systems with digital technology is about creating the right balance between meeting demand for mobility within a business while protecting the business’s core data assets. When deploying a digital strategy, businesses need to adopt a more proactive approach to security.”
From a digital technology point of view, he notes that the changes in office and business security have been transformative. In trying to stay ahead of rapidly growing cyberthreats and continuously adapting to the latest disruptive technologies, the security protocols, processes and solutions of businesses also have to adapt to keep them protected, he adds.
Postiglioni explains that, when mapping out a security strategy, the first aspect that businesses need to understand is that the scope of security systems needs to expand to cover a range of devices and access points. This is owing to how the digital era is changing the way in which global and remote offices, as well as workers, are being connected to the network system of a business.
“Security can no longer focus only on protecting physical and virtual assets within the confines of the brick-and-mortar office. Theft of office equipment presents a potential financial loss, but can also lead to private or sensitive information being leaked, or even the continuation of services being affected,” he states.
He explains that this is why digital security needs a good on-site security solution. A complete security strategy needs to reflect the interdependence of physical and virtual security, and the importance of having the systems linked to each other.
The best practice for a business to have when creating a security system is a coordinated and integrated security model that unites information technology and physical security for the best assurance. By having a single view of cyber and physical security operations, physical security can be handled through field-based IT staff, a central control centre and an access control team.
He points out that cyber defence operations act as the front-line against IT threats using a security operations centre, a computer emergency response team and a unit dealing with abuse over the network.
“Meanwhile, specialist cyber operations can act as a nerve centre for proactive network defence, monitoring incoming threats and devising strategies to stop information assets from being compromised.”
Risks and Advantages
Postiglioni explains that each type of security model has its own risks and advantages. Having a good digital security solution can prevent cyberattacks; however, if a data storage device is physically stolen from a business, depending on the level of access this device has been granted, the entire secure business network may be compromised and at risk of illicit access.
However, from a data-protection perspective, solutions to physical burglary can include a good on-site infrastructure or firewalls, network security and cloud security as well as cloud-based virtual private network.
“Each solution holds advantages and has an important role to play in the bigger picture. The reality is that there is no single or standalone solution that offers all the protection needed against all forms of physical and virtual attacks or losses. It’s not just as simple as buying the latest firewall or an intrusion prevention solution,” he adds.
If office equipment is stolen, or the private devices of employees that are connected to the organisation’s network are stolen, it may not be possible to retrieve the stolen hardware, however, with the correct digital security measures in place, unauthorised access to private and sensitive data, or the broader network, can still be prevented, he concludes.