BYOD Security Issues and Managing IT Infrastructure
Managing a company’s IT infrastructure in a BYOD world is fast becoming an overwhelming task. Users want anytime, anywhere access. Mobile device management and shrinking budgets add to the burden.
That’s the easy part. The most serious challenge in IT management today hovers just beyond the manager’s grasp — attacks that breach company security and steal critical data. With more data flying over the airwaves, and more mobile devices, the probability of compromised security rises. Hackers continue to find new ways to appropriate information of real value for auctioning to the highest bidder.
Mobility and portability have expanded the definition of security far beyond antivirus tools and a firewall to include BYOD security issues. Companies must adopt an integrated security model, one that combines intrusion defense, compliance, risk management, and corporate governance.
Survey Reveals Converging Concerns
But where to start? An IDG Research survey, The Security Landscape: Converging Waves of Pain, reveals the multiple, sometimes conflicting priorities IT managers must address. Mobile client and unmanaged device management tops the list of management concerns at 57 percent while controlling IT security costs follows at 40 percent. Close behind, 38 percent of executives are worried about the increasing sophistication of attacks and growing complexity of security solutions.
Learn more about CSC's Cybersecurity services.
How well companies manage these IT infrastructure issues depends on whether they’re playing defense or offense. 77 percent of respondents rated their IT security organizations’ ability to defend the perimeter as excellent or good. About one-half would assign similar ratings for maintaining real-time awareness of the changing threat landscape or correlating real-time security events to industry and government compliance policy.
Only 10 percent of executives felt their organization had the widest possible perspective on security activities, a level considered “situational awareness.” Almost half (46 percent) felt their situational awareness was only “fair” or “needs improvement.”
An Integrated Security Model
Lacking situational awareness, most security initiatives happen in reaction to an incident. This method of fire fighting usually results in a mixture of solutions that address only known weaknesses. However, as security becomes more complex, and the threat of the unknown grows, the need for an aggregated, integrated view becomes more important.
CSC’s three-tiered approach offers multiple layers of security response necessary, beginning with system-level security at the lowest level, security strategies at level two (correlating roughly to today’s point solutions) and situational awareness at the highest level. This integrated security model reduces complexity and cost while offering the insight companies need to make better decisions in governance, risk, and compliance (GRC).
Companies that strive to implement an integrated security model face several challenges. Competition for qualified security personnel is stiff and expected to increase. The rapid evolution of potential threats means security products and approaches will also continue to grow in size and complexity. And developing a team that collaborates for IT security, compliance, governance and risk requires commitment and resources that exceed the capabilities of many companies.
For these reasons and more, companies are turning to managed security service providers such as CSC to help them implement a holistic approach to security that elevates a company’s situational awareness and ability to prepare for new threats — before the worst happens.
Download the full report: The Security Landscape: Converging Waves of Pain.