As I travel the world as the Unisys Chief Trust Officer, I get to meet a lot of executives from companies and governments around the world. To a person, they feel that they have fallen behind in security relative to the growing threats they face, and are struggling to keep up. The vast majority are still trying to keep up by adding more money to security budgets, and doing more of what didn’t work for them last year. It’s time for a change.
Most security budgets still focus on a failed concept of trying to keep malware out 100 percent of the time – while at the same time enterprises have morphed to include public clouds they don’t control, workers accessing from insecure homes and coffee shops, expanding use of mobile for a variety of core applications, and even suppliers that now need full access into your networks instead of just dropping boxes off on your loading dock.
We know now that a strategy like that can never work in today’s world. Employees will click on the wrong link, answer the wrong email, leave their laptop in a cab, make a mistake when coding or loading, or even be turned to the dark side with the promise of money or ideology. So we now KNOW that some malware will get in, regardless of how much money is spent. Enterprises require a new approach.
There are three new game-changing security strategies that can deliver on a new approach: one that understands that security must be effective without being perfect, that it must embrace modern technology like clouds, mobile, and the Internet of Things, and that it must support the new business models of integrated supply chains and customer self-service. Not only can these new approaches deliver on this promise today, but they can do it while saving time, money, and precious security resources.
No security is perfect, so expecting perfection is a failed approach. Keeping your enterprise well segmented turns catastrophes into manageable security events; surfing in the sand dramatically reduces malware access that typically comes from web surfing or email clicking; and wargaming lets you know exactly what your real risks are and how best to address them. Each of these three should be part of an overall security plan that includes a strong perimeter, employee education, and efficient managed security services that predict and watch for problems in time to adjust.
While the threats are real, significant, and now aimed at successful enterprises everywhere, it is possible to be confident with a modern security strategy that meets the challenges of enhanced threat, revised business model, and advanced technology. Be safe…