Security is a far broader subject than just Cyber Security… or is it?
Security as a whole can be considered both physical and digital security. In general, security covers:
• Prevention – This is the area that gets most attention for the reasons I will discuss. Effective digital prevention means physical attacks become more attractive.
• Detection – This is any breach in the security and requires a level of understanding of what is normal and what is abnormal. Logging and monitoring helps to understand what is abnormal.
• Responding – This is how to respond to automatic or manually detected threats, requiring security teams to analyse the root cause of the threat.
• Remediate – These are automatic policies and procedures which offer a way to quickly isolate and remediate the problem. The quicker this is done the more likely the impact is controlled.
I have been involved with several security clearance briefings in my time and one in particular stuck in my mind. During the brief the person conducting the session asked, “What or who do you think is the biggest threat to security?”
Various answers were offered from state actors, to hackers and various forms of phishing, all seemed very intelligent answers. The person replied “You. You are my biggest threat to our security.” Which obviously sounds quite threatening.
If you think beyond the shock of the statement, unknowingly or knowingly, people are the biggest threat because we are emotional, unpredictable and unaware of the tricks that others play on us. We all think that we are immune from this, and this can be our biggest failing.
Well designed cyber security in the cloud has some of the safest, most up to date and sophisticated security of any IT systems. They also have physical security protecting the physical data centres where the cloud computing servers are stored. Yet people question whether the cloud is secure, without understanding what security really means.
Isn’t it easier to get someone inside a business to get that piece of information than try and hack through layers upon layers of well architectured cloud security? Maybe cloud computing might be exactly what your enterprise needs.