With the enterprise edge being stretched out ever further by new working patterns and business transformation, IT security increasingly needs to be more flexible and extensible to cope with the growing threats of cybercrime and fraud.
Gemalto’s 2015 Data Security Confidence Index (DSCI) illustrates the challenges of this changing technology infrastructure. Not only do 30 percent of IT decision-makers admit their company has fallen victim to a security breach, but 33 percent believe unauthorized users are still able to access their network. Also of interest, 34 percent are not confident in the security of their organization’s data in the event a breach takes place.
Crime involving computers and networks costs over $445 billion annually on a global basis, claims a 2014 report by the Center for Strategic and International Studies.
Gemalto's Breach Level Index (BLI) claims over 1,500 data breaches led to one billion data records being compromised in 2014 alone (a 49 percent increase in data breaches and a 78 percent increase in data records stolen or lost compared to 2013).
Watchers beyond the wall
The transformation of enterprise IT means traditional protections such as firewalls or virus-checkers are no longer enough, driving an industry trend toward threat prevention and next generation security solutions.
Compounding the challenge of protecting against these threats, IBM’s 2014 Cyber Security Intelligence Index found that 95 percent of all security incidents involve human error.
However, just 10 percent of enterprises and government agencies have upgraded to next-generation security solutions, such as firewalls that detect and block threats at the application level, or security-focused big data analytics implementations, according to FBR Capital Markets analyst Daniel Ives. “The market for those software tools could be $15 billion to $20 billion over the next three years,” he says.
When it comes to the next-generation enterprise, reliance on old-generation security protections amplifies existing threats. Take passwords. One recent survey found that 70 percent of 2,000 people in the UK and US don’t trust their password to protect them, and phishers are becoming increasingly adept at tricking less security-aware users into sharing them.
In this scenario it really makes sense to deploy layers of security around every enterprise asset. Multifactor authentication and Identity Federation are two keys to the emerging FutureSec castle.
(Identity Federation is a little like a Facebook login for enterprise users, in which authentication is shared between different domains, enabling users from multiple firms to access the information they need.)
Multifactor authentication – such as encouraging use of a strong password along with biometric identification (a la Apple Pay) and/or geofencing or IP-address-based security checks – is one way to achieve this. It sounds counter-intuitive, but given that so many people use the same password for everything they do, offering rock-solid protection via one strong form of authentication makes much more sense.
“Passwords or tokens are easy to change while it is compromised. But, biometric traits are inherent and fixed forever, that is, the biometric data is irrevocable,” wrote academics in a paper published in April.
Work remains to be done. "Organizations still place too much emphasis on perimeter security, even though it has proven to be ineffective," says Tsion Gonen, Vice President of Strategy for Identity and Data Protection at Gemalto. "Decision makers should place greater importance on customer data, and look to adopt a 'secure the breach' approach that focuses on securing the data after intruders penetrate the perimeter defenses. This means they need to attach security directly to the data itself using multi-factor authentication and data encryption, as well as securely managing encryption keys. That way, if the data is stolen, it is useless to the thief."
The problem many enterprises face is not that they are unaware of the threats but that they are underequipped to do much about them. Over 209,000 US cybersecurity jobs remain unfilled, according to a Peninsula Press (a project of the Stanford University Journalism Program) analysis of numbers from the Bureau of Labor Statistics. And worse is to come; demand for information security professionals is expected to grow by 53 percent through 2018.
This means that by 2018, Gartner anticipates many enterprises will outsource at least some of their security needs – employing data protection, security risk management and security infrastructure management firms to boost their own internal efforts.
In order to offer a solution, Orange Business and Gemalto recently joined forces to integrate Gemalto’s SafeNet Authentication Service with Business Virtual Private Network (VPN) Galerie, the Orange Business secured cloud hub. This means enterprises gain access to a unified solution that offers seamless multi-factor authentication capability for all of their corporate applications, infrastructure and cloud services.
Jon Evans is a highly experienced technology journalist and editor. He has been writing for a living since 1994. These days you might read his daily regular Computerworld AppleHolic and opinion columns. Jon is also technology editor for men's interest magazine, Calibre Quarterly, and news editor for MacFormat magazine, which is the biggest UK Mac title. He's really interested in the impact of technology on the creative spark at the heart of the human experience. In 2010 he won an American Society of Business Publication Editors (Azbee) Award for his work at Computerworld.