Top 6 Recommendations for Planning Your Security Strategy In 2012
Until the last decade, IT security struggled to win resources and budget from enterprises. Today, with the increased focus on security, enterprises are willing to spend more on forming a solid strategy to secure their IT infrastructure and apps. Rather than forming a short-term tactical strategy and becoming a media headline for the wrong reasons, they are now looking at building a long-term plan that integrates security parameters with their business plan. The following recommendations are worth incorporating in an enterprise’s security strategy for 2012:
1) Devise a plan to leverage cloud services: The cost benefits that the cloud offers are too compelling for any enterprise to resist. The risks the cloud carries for data security and accessibility over a public cloud cannot be ignored, but they should not stop an enterprise from exploring the opportunities the cloud offers. Enterprises can always raise their concerns about regulatory issues and data security with the cloud service provider. Today many service providers are ready to have their cloud assessed by a third-party testing vendor in order to gain the confidence of their clients.
2) Avoid blind patching and move to code reviews: Traditionally, applying test patches was considered the only tool for vulnerability management. Patching is an effective way to fix a bug in one part of the code, but at the same time it creates more vulnerabilities in other, dependent parts of the code. Hence, enterprises should spend more time on code review and regression testing when they use patch management as a tool in their arsenal.
3) Adopt preventive techniques rather than a detective approach: Enterprises are undergoing major technology transformations. They are trying to adopt techniques that let them identify vulnerabilities in the first place and eliminate them before they have further consequences. As a result, organizations are moving away from a reactive model to a preventive security model.
4) Adopt social media technology, but cautiously: Forrester’s survey shows an increase in the number of people accessing social media web sites every day: the numbers have jumped from about 11% in 2008 to 30% in 2010. On one hand, social media technology increases the risk of malware infections; on the other hand, it helps you create viral marketing campaigns to promote your products and services as a brand. Social media policy varies from enterprise to enterprise based on strategy and security compliance requirements. To secure sensitive information and minimize the risk, implement a proper monitoring mechanism and configure the firewall to the best possible configuration.
5) Build secured platforms to support mobility apps: With the introduction of devices such as tablets and smartphones, the risk of theft and data misuse has also gone up. An enterprise’s success will now depend on its ability to secure sensitive information on the devices that are permitted access.
6) Work closely with your third-party vendors and engage security professionals in vendor management: Vendor management has taken on a new definition these days. Vendors have more access to a company’s information than ever before, so deciding on the information access rights for each of them is a very important decision. Just having a clause in the security policy is not a solution and does not ensure protection from information leakage. Categorizing vendors by their needs and their permission to access information, and installing a monitoring mechanism, would be an effective solution.