For decades, Australian organizations have spent billions of dollars—both in time and money—researching and deploying the latest cybersecurity technology.
Despite the industry being on high alert and making progress in deploying modern security solutions, many businesses and government agencies are still lagging in IT practices and policies, granting both staff and non-employees excessive access to their networks by default.
Last week, at the Gartner Security & Risk Management Summit in Sydney, I spoke about the need for businesses to adopt a purpose-driven access model. This ensures staff are not automatically granted an “All-Access Pass” whenever they log in.
It’s a simple, but effective, way of evolving security, yet “access” is one of the most outdated enterprise IT practices. Namely, businesses are still not being prescriptive enough with respect to who should access certain applications and data sets, and for what purpose.
I’m not suggesting everything needs to be kept under lock and key; that would be counterproductive. We also don’t need to monitor employees checking the weather or news. But certainly, additional credentials must be required to gain access to more sensitive data, such as personally identifiable information, intellectual property or information relating to regulatory compliance.
Again, this is not a new concept. We already do this in the physical world; government buildings with sensitive information require identification and a level of clearance for admission. The same should apply in the digital world.
But with the plethora of cyber-security technology and tools available, where do we start?
The short answer is virtualization. By deploying workflows that use virtualization and containerization technologies, businesses are better able to isolate, group and share sensitive information, providing a highly granular level of control over the end-user experience.
What’s more, the advantage of using virtualized desktops and apps end-to-end is that data remains in the data center, within the protected realm of the Cloud, and is not saved unprotected on an end-user’s device or shared via insecure means.
Virtualized applications can be published by an organization to dictate data sensitivity, specify how data can be shared, who can launch applications and what systems are allowed to communicate with each other. This means that when sensitive data is shared via email in a virtualized environment, the capability to copy and paste text into email from untrusted sources can be removed, helping to reduce data leaks.
Recent breaches around the world send a clear message that malicious individuals will always try to find creative ways to steal data. While there’s no way to completely prevent data theft from occurring, with the right barriers, hurdles and obstacles in the way, you are no longer, by default, such an attractive and open target.
To learn more about how my team at Citrix and I are helping organizations successfully implement security, compliance, risk and privacy strategies, feel free to get in touch. We love a good challenge and the opportunity to evolve security strategies through virtualization and containerization.