IDC: changing tech landscape requires new thinking on security

IDC: changing tech landscape requires new thinking on security

Mobility, cloud and other factors obviates the idea of a 'perimeter'

Protecting users in today’s IT landscape requires a trade off between fullproof security and access, speakers at a recent IDC event argued.

“I want to make it clear that we see there is no way providing IT security and availability,” says Simon Piff, an associate vice president for enterprise infrastructure at IDC. “Any time you open a port in your firewall, you’re opening yourself to attack. It’s always some kind of a tradeoff and the question you have to ask yourself is what is your appetite for risk?”

Aside from the complexity imposed by trends like BYOD, the nature of hacking has evolved into a form of business itself. Still, the biggest threat to organisations is not exploiting weaknesses in technology, but social, with experts depicting data loss as a sin of omission or commission.

“The majority of cases that come to light regarding data loss have been idiocy,” says Piff. “Someone made a mistake they should not have made. People try to find ways to do things, but they’re not trying to break the rules. They just to make their jobs easier.”

For example, users in an organisation will be secured on company email, but may expose data to unknown threats or leakage when using devices or software outside the organisation, such as Dropbox or Gmail.

According to Piff, an IDC survey shows that New Zealand companies still see threats to their data as external, with 52 percent reporting hackers as a bigger threat than careless or hostile employees. Piff believes the bigger threat is the disgruntled ex-employee or the careless worker.

There is also a lag among New Zealand companies in executing security policies to prevent and respond to data loss. While 88 percent of New Zealand executives surveyed reported having a formal security policy, 49 percent don’t know if employees are trained in that policy.

The highest concerns among the executives was data loss, followed by access control, and injection of malicious codes and denial of service attacks.

According to NetIQ, a sponsor of the August 23 breakfast held at the Langham Hotel in Auckland, the concept of firewall perimeters is outmoded.

“The whole concept of perimeters is something we’ve been hanging on to far too long,” says Ian Yip, APAC product manager for identity, security and governance at NetIQ. “There really isn’t a perimeter. What cloud and mobility is forcing us to do is take our heads out of the sand and acknowledge we need to do something. It doesn’t matter who I am, it matters what I am. It actually matters if I’m the same person I said I was yesterday once I’m inside the network.”

Because most organisations do not dedicate an internal role for security means that resellers and consultants have an opportunity to fill that gap.

“Security is about saying no,” says Philip Whitmore - director, KPMG Security Advisory Services, which co-sponsored the breakfast with IDC and NetIQ. “Can they bring in their iPad? Can they download these files, or access this or that information. The answer is always no, no, no. And I think a lot of our businesses value that because it saves investment and having to do things, it protects us.”

But that is also not practical, so organisations once again must decide where they want to be on the access versus security spectrum.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments