printer friendly version

Effective edge security needs to be holistic

Over and above the hacks perpetrated by so-called ‘bad actors’ that make the headlines all too frequently, organisations nowadays have to deal with highly tech-savvy millennials entering their business environments. The modern paradigm requires that a holistic and layered approach be adopted to secure net-works from breaches at the edge, in the view of Mayleen Bywater, senior product manager at Vox.

Mayleen Bywater.

“As we’ve seen in the news, people have been able to get into networks through things as innocuous as printers and other devices we find around our home and office environments. Edge security in terms of IoT (Internet of Things) devices is really about empowering clients to have control over their data, and understanding exactly what’s connecting in, where, and how. This requires them to have stricter control over their asset management, so that not just any Tom, Dick or Harry is able to connect to their network without going through their IoT provider,” she says.

To this end, it is vital to build robust systems that can detect breaches, and then manage those policies and make sure that best practices are in place to address issues quickly and forcefully, but with specific boundaries and set controls that can be enforced. “You also need to make sure that your edge network security is built in such a way that, should someone try to get in, you have the correct tools in place to ensure a layered approach that will give you a pro-active defence. This means if someone does manage to penetrate your network you are able to mitigate, manage and remediate the breach.

“It’s not enough to have just one tool or system in place, the layered approach must be holistic at the various entry points into your network or organisation. This extends from your network to email to devices and appliances like air conditioners – anything that’s IoT based should be able to trigger an alert that is registered and that can be actioned,” Bywater continues.

Generation gap

Catering for users of different ages is particularly challenging, given that the gulf in technical know-how between the generations that comprise a typical business environment has never been wider. Bywater asserts that while you don’t want to alienate the less tech-savvy users, it’s also important not to squander the fresh ideas and new approaches the younger generation brings to the table.

“Change control is something most people don’t like and don’t embrace easily, yet the younger generations tend to go with it because that’s how it’s always been for them – everything changes in the blink of an eye and you need to be able to adapt quickly,” she says. “To account for this diversity it is important to have best practices and processes in place, and to communicate them to the end user in such a way that it is understandable and therefore easier to embrace.

“If someone is punching their details into a printer, you want them to have the confidence that they don’t need to stress about whether someone will hack into that machine, copy the document they’ve scanned and leak it across the network, because they know their IT team has their best interests at heart and they’re doing consistent scans and network checks to make sure that nobody’s getting into that data.”

Management’s role

While upper management execs have sometimes been accused of not adequately understanding or acknowledging their IT departments’ concerns over cybersecurity, Bywater believes the latest hacks have been so high-profile that the issue is taken more seriously. “As much as you can have the best firewalls, the best network security, best edge asset management, if your staff aren’t on board and security conscious down to the company culture level, you’re still going to have some loopholes that somebody will try to get around – just because they can, it’s human nature.

“Businesses must have these things properly documented and have a plan in place to do consistent training, or risk having problems down the line. So a lot of businesses (and we’re trying to embrace this on our own platforms) are placing an emphasis on how to train people more effectively, but in such a way that they can test the waters and actually report on simulations,” she explains.

“If the IT department sees something that’s not right they should be able to report it efficiently so something can be shut down, for example if they see a thermostat’s temperature rising they can report it quickly so someone can address it. We need to get away from that nonchalant attitude that ‘it’s not my problem.’ Security is everyone’s problem and we need to start to embrace that, right down to every person that works in an organisation.”

Security 360

Vox offers a security 360 strategy entailing a full network solution which includes perimeter, email, endpoints, backup etc. and is suitable for SMEs to larger enterprises. “We have a skilled technical team that can help guide, manage and look after any environment, as well as set up security sessions with our customers on a quarterly basis to help guide them and map those best practices mentioned above,” says Bywater.

“One of our newer products, in conjunction with Mimecast, involves doing training sessions and simulations with our clients where we can test their security posture and whether their end users are actually aware of the security risks they pose to their businesses, in order to nurture a security conscious culture. In that way everybody is collaborating to shut down these perpetrators, whether they like it or not.”

The company also offers a backup solution to provide peace of mind that if anything does go wrong, its clients can easily restore their data and get systems and services up and running quickly and seamlessly. “All of this combined gives the client a complete strategic positioning. We can also help them with vulnerability testing and checkpoints to make sure those systems are all completely in line,” she concludes.

For more information, contact Mayleen Bywater, Vox, +27 87 805 0000, mayleen.bywater@voxtelecom.co.za, www.vox.co.za

Share this article:

Further reading: