With the technologies advancing, information security threats are becoming more sophisticated and damaging. Long gone are the days when hackers launched threats that were raucous, indiscriminate and randomly disruptive. Today’s threats are the work of disgruntled employees, cyber criminals, or individuals working collaboratively motivated by profit. Key security challenges to today’s business are summarised below
»
Access to applications or network resources
by unauthorised users
through unauthorised machine
through compromised end points
»
Stealing sensitive information from insecure communication channels, uncontrolled devices and communication ports of the corporate ICT infrastructure
»
Increasing problem of identity and information theft online due to the availability of various sniffing tools
»
Compromise of security credentials (stolen username and password, breaking weak passwords etc.) for gaining unauthorised access to business applications
»
Unauthorised usage of unlicensed software, freeware and shareware
»
Unauthorised communication packets from end systems clogging the network bandwidth
»
Proving the accountability of an incident or transaction
»
Information Security Management
Handling multiple islands of identity information
End users having to remember different passwords to access each application
Password policy breaches and increasing helpdesk calls for password resets
Managing the lifecycle of security tokens and smart card terminals
The security challenges of the day are aggravated with numerous end points through which the applications are accessed. Though the server is adequately protected and the application is allowed to access from a compromised machine poses a grave threat to the confidential details about the application access such as authentication details session information etc. Hence it is very important to assess the end systems also before allowing access to the critical applications.
In addition to the above challenges faced by the organisations, many governments are coming up with more regulatory compliances and security guidelines, for example, in Malaysian context, Cyber Security Malaysia is urging organizations to implement 2/3 factor authentication mechanisms leveraging Biometrics to secure access, MyMIS lays a strong emphasis on policy controls, to ensure confidentiality and integrity of the information.
Security Strategy
To address the security challenges, organizations would like to ensure that only authorized users and machines are accessing their critical business applications and data resources while ensuring the confidentiality and integrity of information exchanges. Moreover business challenges and statutory regulations are forcing today’s organizations to go for integrated and centrally managed security infrastructure that can verify the authenticity, integrity and non-repudiation of transactions performed online, in addition to strengthening the user identification and authentication strategies, in a manner that enables them to provide clear legal framework for the online transactions being performed. Globally, organizations are adopting proper implementation of multi-factor authentication for providing the secure access to their networks and business applications, by leveraging the strengths of the technologies like smart cards, biometrics, and PKI in an effective manner that forms basis to achieve the desired levels of security for their networks and business applications in addition to complying with the statutory regulations imposed by the local governments.
This business situation is forcing today’s organizations to provide access to their online resources or services through business applications which are integrated more tightly with the security infrastructure. As the security requirements of organizations are dynamic in nature due to frequently emerging newer threats due to frequent changes in their business models, the organizations’ security infrastructure shall be able to adapt to these dynamic security requirements quickly. For example, till recent times, application security is typically hard-coded and maintained with in each individual application, which resulted in increase in the cost of managing the security. In addition, organizations are not able to cope up with the changing security needs in time. This scenario is forcing organizations to build an open, flexible and cost-effective security infrastructure that would enable the organizations to implement the frequently changing security policies quickly without compromising on the strength of the security of their business applications.
An integrated and centralised security platform addressing these requirements, is becoming the need of the hour for the organisations managing ICT networks, which are very critical for the success of their business.
