classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2018


Using tomorrow’s tools to solve ­today’s security problems
November 2018, Access Control & Identity Management, Cyber Security, Integrated Solutions

Organisations that do not have a clear longer-term security roadmap in place are putting themselves at risk of being compromised. The companies are already investing in tomorrow’s tools to solve today’s problems that will survive the ongoing onslaught to circumvent security solutions. This is the view of Jon Tullett, research manager – IT Services for sub-Saharan Africa at International Data Corporation (IDC).

Jon Tullett.
Jon Tullett.

“The first step in creating this roadmap is to start getting their security under control,” he says. “This includes using analytics for behaviour anomaly detection at both a network and user level, gathering the data to do baseline profiling. While that is the type of thing we are already doing today, many organisations are still not doing it with a long-term view in mind.”

To get their security under control, organisations must consider technologies that play to the cloud and be prepared to evolve with the technology. User awareness and training also remain key fundamentals that are receiving enough attention. “At the moment, training budgets are horrifically small and that must be addressed. Start by spending the money, but more importantly, evolve that training over time.

“Today, the breach is a credential theft or phishing attack. Companies that tackle that, and really invest in training, see tremendous reductions. A good example of this is Google, which combined good training with two-factor authentication for all their internal services and, since they’ve done that they’ve had zero phishing cases, but now they’ve moved on,” says Tullett.

Granular access rights

He says once organisations have this under control and have done the risk assessments required, they must start devolving those rights. “Break it up and create far more granular access controls. Create accounts which can only do very specific tasks, so that if they are compromised, the damage the hacker can do is limited. That also means that you have to start evolving the technologies that you’re using to ones that support this. While it can be a pain to do it on some platforms, it is usually baked into modern cloud platforms. The key here is to ensure that should you need to revoke access on mass, you can do it.”

The next step is to roll out two-factor authentication much more aggressively. “For users that may mean a token, mobile authentication or something similar and for system accounts it will probably mean digital certificates. Whatever it may be, start to improve your authentication. Once you have that in place, you really want to be on top of activity management. So, looking at what accounts are doing what.

You can’t really do this until you have your accounts consolidated and organised, but you want to know everything that an account does in a very standard format. That allows you to feed the information into an engine and get an activity report back when something goes wrong, so that you can identify any anomalies and address them quickly.

Cloud evolution

He believes that within the next two years, most of this type of anomaly detection will be happening largely out of the cloud. “This is going to happen alongside your evolution to cloud. The AI platforms in the cloud are maturing very fast, so within the next couple of years we’re expecting to see an awful lot of cloud services just plugging AI in because they can. So, there will be a lot of machine learning happening and, further down the line, we will see people looking at how they can use that to optimise and automate,” says Tullett.

“In the longer-term, organisations will also start looking at automation, where an anomaly will be detected, and automatically investigated and remediated. While it will take a couple of years for this to happen, organisations must include this in their security roadmaps. Today’s problems are that you need to start getting your identities under control and doing better analytics, but tomorrow that same platform is going to be your machine learning platform and is going to be a complex, better managed identity platform that will do a lot more things.”

He points out that the criminals also have a roadmap and it is often more advanced than those of organisations. “They know what technologies are coming, they are getting the required skills in place and are already looking at how to use the technology for various purposes. They are following a roadmap and if you are not doing the same, they are leaving you behind.

“You must remember that these are career criminals, this is what they do for a living, and so, if you make it impossible for them to phish, they are going to find something else to compromise. What they are doing will evolve in response to you. If we can eradicate phishing, that’s great, but that threat is going to move to something else and you must be willing to keep following that path.”


  Share via Twitter   Share via LinkedIn      

Further reading:

  • Directory of access and identity management suppliers 2019
    November 2018, Access Control & Identity Management

  • Open source identity initiative
    November 2018, Access Control & Identity Management
    Industry-first open source identity initiative promises to eliminate vendor lock-in and reduce costs for governments around the world.
  • Significant differences in ­perceptions on state of digital trust
    November 2018, CA Southern Africa, Access Control & Identity Management, Security Services & Risk Management
    Nearly half of businesses admit to selling customer data, despite claiming data ­protection as paramount; consumer behaviour shows strong correlation between loss of business and lack of digital trust.
  • Trust but continually verify
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions, IT infrastructure
    Hi-Tech Security Solutions looks at access and identity management and asks some industry players what ‘zero trust’ and ‘least privilege’ access means.
  • Managing who, what and why
    November 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security
    Today’s access control isn’t only concerned with who has access, but also what has access, why they need it and what they are doing with it.
  • Physical/logical convergence
    November 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, Integrated Solutions, IT infrastructure
    The convergence between physical and logical (or cyber) security will be a game-changer because it will change the way we do everything, from planning to design and all the way to installation and maintenance.
  • Physical and logical convergence is a fact
    November 2018, This Week's Editor's Pick, Integrated Solutions, IT infrastructure
    Convergence, the next buzzword? A dated buzzword? Is convergence ­merely ­integration on steroids? What is convergence?
  • The expanding role of IT in access control
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, IT infrastructure
    What role is IT playing in the world of physical access control and how far will its role expand in future?
  • Taking augmented identity to the world
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
    Hi-Tech Security Solutions spoke to Gary Jones, VP Global Channel and Marketing biometric access and time solutions) at IDEMIA (formerly Morpho) about his career with the company and its new vision of Augmented Identity.
  • A scan of fingerprint biometrics
    November 2018, Technews Publishing, Access Control & Identity Management
    Given the increase in the use of fingerprint technology in public and private organisations, as well as some recent announcements on the reliability or lack or reliability of certain types of sensors and algorithms in the fingerprint biometric market, Hi-Tech Security Solutions spoke to some of the leading fingerprint biometric vendors in the market to find out more about the state of this market.
  • BIMS set to change identity ­management
    November 2018, Technews Publishing, Access Control & Identity Management, Integrated Solutions, IT infrastructure
    Local biometrics integrator, Ideco Biometric Security Solutions, has announced that its Biometric Identity Management System (BIMS) has been launched to market.
  • Tracking biometrics into a brave new digital world
    November 2018, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
    The industry is increasingly transitioning from unimodal to more integrated multimodal biometric solutions for more accurate identity verification and faster real-time results.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.