To deliver work quickly, employees often look for ways to cut corners. It’s not malicious. It’s meant in the spirit of gaining faster time-to-market, increasing brand awareness, meeting end-of-quarter goals, and delivering rapidly in a warp-speed world. We’ve all seen it time and again. What many employees don’t realize is that all those little indiscretions ultimately create a huge domino effect.
By Brendan McAravey, regional director: sub-Saharan Africa at Citrix
As IT leaders, we’ve seen first-hand just how much rounding off corners can seriously impact security. Just between 2017 and 2018 South Africans have been subjected to four massive security breaches:
* Liberty email hack.
* ViewFines licence details.
* Master Deed’s data breach “biggest” digital security threat in SA.
* Ster-Kinekor’s database compromised.
We’ve discovered and mitigated instances of shadow IT, seen files copied to USB sticks, revealed personal email used when it shouldn’t be, and applied fixes to a host of other common behaviours that make us cringe.
Taken collectively, little security workarounds put important things at risk — from confidential information to intellectual property to the health of applications and the sanctity of third-party information. And over time, the damage makes any corporation’s security perimeter look like Swiss cheese — full of holes.
Changing the Game
The good news is that these little indiscretions have forced us to get smarter about security. Many organisations now are changing the game by designing security around people. At Citrix we understand that the perimeter must evolve to be people-centric – threat-centric, network-centric, and app-centric designs alone do not suffice.
Given the number of credential-based attacks, we must look past the security provided by a series of gates and locks and look deeper at user behaviour — a series of detectors. What organisations need right now is a security solution that is developed based on user entity behaviour analysis. Such a solution will allow IT to know about threats and anomalies sooner and can respond quicker.
Securing an enterprise is a constant tug of war between user experience and user protection. Lock access down too much and both experience and productivity suffer. Conversely, relaxing protection too much increases the likelihood of breaches. Finding the right balance requires visibility, control, and protection of what we know — the end user — because taking an attack-centric approach to security leaves organizations navigating blindly, in a reactive posture and waiting for the next attack.
With a solid strategy and the right technology partner, organisations can put a human face on security, and if employees are given compelling apps, data, and services, they will be less likely to buy and use short cuts that could potentially sabotage an organisation’s business objectives.