Currently, there is a strong push towards common standards in business, driven by the desire for equality. It’s a characteristic that can be seen across the business, from HR to Finance. However, as Charles Sweeney, Bloxx CEO, recently argued in this article for IT Security Guru, when it comes to security, equality is lacking…
“It might not seem like such a big deal; after all, no harm, no foul, right? If we lived in a picture-perfect world, then perhaps this would be the case. But we don’t. We live in a world where cyber criminals are always seemingly one step ahead, constantly evolving their methods of attack and actively seeking vulnerabilities.
As a result, there is a real and present danger that these ‘idiosyncrasies’ introduce business risk. Often people don’t realise that there is disparity within the organisation until someone asks them to drill down into their BYOD policy. BYOD might seem like easy pickings, but it is a perfect example of how inequality in security policies can create vulnerabilities. For example, employees might not use their device whilst at work, but they could well prefer to do their lunchtime web browsing on their smart phone. Is that device on or off network? Do the same rules apply to the content and websites that they are able to access? If not, what is to stop them accessing something inappropriate, flashing it around, someone getting offended and shooting off an email to HR?”
The lack of equality in security isn’t only due to the variety of devices; different rules often apply to different groups within the organisation. The problem with this, as Charles explains, is that danger is everywhere…
“Regardless of whether it is a device on network that shouldn’t be or a CEO clicking on what they believe to be a reputable site with the best of intentions, the fact is, danger lurks everywhere. They could unwittingly open the door for a piece of malware to sweep the network. Yet at a different site, it might never have happened, as either access would have been restricted or a technology deployed on the front line to protect the organisation.
Clearly a fragmented policy is better than no policy at all, but the fact remains that inequality is rife within organisations, especially those with mobile workers and/or multiple locations, because they lack the ability to centrally manage and apply policies. As companies look to embrace the cloud, this risk becomes extrapolated across even more potential touch points. Companies need to be able to centrally manage and apply policies. The danger is that if you don’t have a helicopter view, how do you know that if you address a vulnerability at one location, you don’t introduce a new one at a different office?
There are several good reasons why equality is a strong human emotion. But one of the most critical is that it protects us. Amongst all the daily hype security teams have to wade through, equality is a strong guiding principle for a robust security policy.”
How do you think greater equality can be introduced to the security realm? Let us know on Twitter @Bloxx.