IT Security in 2014: How You Can Protect Your Business Posted on May 22, 2014 by Tim Burke Most security experts — including ours at Quest — will tell you that it’s no longer a question of if attempts to compromise your data, apps, and/or technology infrastructure will happen, it’s now only a question of when. So what can you do to protect your business in this age when it’s so tough to distinguish between trusted and threatening network traffic, when there’s no longer such a thing as a secure perimeter around your data, when the “attack surface” has never been greater? Security threats as a business risk Sadly, no one solution or tool can protect you. But thinking of security threats as a business risk that must be addressed can help. My advice: Get better at aligning your security operations and your business objectives. This begins with the realization that not all enterprise resources can be completely protected. So you need to prioritize. Develop a holistic, threat-centric security strategy designed to address today’s full attack continuum and provide continuous 24/7 response. This means embracing new technologies, simplifying your IT architecture and operations, seeking out expert security help, and committing to training employees in security awareness. In particular, deploy technologies that provide visibility across the entire range of potential attacks, which requires that you know what IT assets you have. This involves establishing and enforcing security policies and access controls. These should focus on what everyone in your organization should do before, during, and after an incident, and they should be tested and revisited regularly. Your security strategy should also prioritize using tools that deliver realtime analyses of suspicious activity (e.g., security information and event management [SIEM] capabilities, which detect activity patterns/anomalies, and event correlation tools that aggregate and correlate information from other security tools like vulnerability and intrusion monitoring systems). If your employees use smartphones, manage them with a mobile device management tool that can update them as needed, wipe your data from them when they’re stolen, etc. Understand that levels of trust associated with networks, clouds, devices and individuals must always be dynamically evaluated. Encrypt your data, no matter where it is (i.e., moving on a network, sitting in a cloud, stashed in a data vault or taking a ride on an employee’s smartphone). Do not be daunted! Unless yours is a fairly large enterprise, you may struggle to find the kind of expert help you need to achieve the security stance that today’s information technology environment requires. Fortunately, that’s no longer a reason to decide you’re doomed — because the right independent security advisor can provide the leading-edge, always-ready security services and solutions you can trust to protect your business in these risky, fast-changing times.