November 2012
Coping with Today's Security and Compliance Challenges
By Ian Kilpatrick,
Chairman of Wick Hill Group
Wick Hill Group are specialists in secure IP infrastructure solutions and convergence.
A greater range of threats, more complex threats, and how to deal with these threats on a limited budget, with static staff numbers, are some of the issues faced by organisations today.
The challenges include compliance and licensing, as well as a host of security issues around areas such as ever-increasing remote access; the growing number of mobile devices; virtualisation; convergence; wireless; data loss; and the consumerisation of equipment.
A variety of solutions is available to deal with these threats.
SIEM (Security Information and Event Management) solutions are invaluable because they provide an overview of the security situation throughout an organisation, with focused reporting, which includes logging-on activity across the network. SIEM systems can actually create actions based on behaviours.
In an environment with limited budgets and limited staff, SaaS (Security as a Service) can shift compliance, security and reporting costs from CAPEX to OPEX.
Employees are increasingly using their own phones, tablets, laptops, and PCs (consumerisation). How can companies manage all these devices, so that they fall within the company security policy and can be monitored for compliance purposes, tracked and licensed. Mobile device management solutions provide an answer.
Virtualisation has provided major cost savings, but security has lagged far behind. Most deployments lack virtual server or desktop security and are very vulnerable. In some cases, licenses don’t match deployments.
Wireless use is increasingly user driven. This puts pressure on organisations to support it, with the associated compliance and security issues that entails.
The new wireless standards are driving change even faster. Early adopters are looking to upgrade low bandwidth, and often low coverage, deployments. New adopters are looking for high density, high coverage networks, with inbuilt network and user security, and reporting.
Data loss is still an issue and can easily be minimised by simply improving authentication and employing encryption. Simple passwords have been essentially inadequate for at least a decade and rapidly-changed complex passwords are impractical. 2-factor authentication is a better option.
There are many encryption solutions for static and mobile data, ranging from “PC on a secure stick” encrypted flash drives, encrypted external hard drives and encrypted optical discs, as well as encrypting data on SAN devices.
The range and complexity of compliance and security challenges has multiplied in the last year. The challenge and opportunity for organisations is to cost-effectively manage these challenges, while gaining commercial advantage.
Bio of author
Ian Kilpatrick is chairman of international value added distributor Wick Hill Group plc, specialists in market development for secure IP infrastructure solutions and convergence. Kilpatrick has been involved with the Group for some 35 years. Wick Hill supplies organisations from enterprises to SMEs, through an extensive value-added network of accredited VARs.
Kilpatrick has an in-depth experience of IT and unified communications (UC) with a strong vision of the future. He looks at these areas from a business point-of-view and his approach reflects his philosophy that business benefits, ease-of-use and cost of ownership are key factors, rather than just technology. He has authored numerous articles and publications, as well as being a regular speaker at conferences, exhibitions and seminars.
Further information available from www.wickhill.com
