Freely subscribe to our NEWSLETTER

Recent security breaches not only represent public relations nightmares for the companies involved and identity-theft concerns for their customers, they are also a reminder of the vulnerability of computer networks. And the latest security snafus have reopened an age-old debate: is security primarily a behavioural or a technology problem?

“It’s very easy to lose sight of the fact that fraudsters will always tend to gravitate towards the easiest system to crack,” says Andy Cordial, Managing Director of UK-based security specialist Origin Storage. “Put simply, this means that if you make it difficult enough for them on your own firm’s IT systems, they will go elsewhere.”

Technologies can provide a highly cost-effective solution to securing both data at-rest and data that needs to be moved around, including across and even outside the office – and good security, Cordial argues, is all about deploying the optimum security for a variety of situations. With a centralised database, there may be an argument for the use of multi-level authentication technology alongside encryption, meaning that even if the encryption system is broken for whatever reason, access to the data can still be restricted. And when IT staff have to move data around on a portable basis, perhaps for backup purposes, they can use multi-level security.

“Most security professionals understand that a multi-layered approach can be the best option,” he says.

Ray Stanton, Executive Global Head of BT’s Business Continuity, Security and Governance Capability Unit, agrees with the idea of a multi-layered approach, but insists that security is about assessing risk, not just vulnerabilities, and that often an organisation’s biggest risks lie within the workforce.

“Organisations are under threat as much from their own people and processes as they are from external fraudsters, hackers and thieves,” he says. “Even simple mistakes can have damaging consequences – wiping out valuable data, for example. If your processes aren’t right, you could be failing to meet legal or regulatory requirements in a way that could prove very expensive indeed.”

For any company, but especially for large corporations with a global reach, customer and brand confidence is critical, and the key to maintaining and enhancing this confidence is to manage company risk postures effectively. To do this, says Stanton, you need to look at your business top-to-bottom and from every angle.

“You need to put the right measures in place and not just pay them lip service. This means beginning with a strategy that is aligned to the current business plan and objectives because this is an imperative to success. From this hangs your framework for building sustainable, repeatable projects that flex and grow with your business – being able to manage whatever and whenever something is thrown at it.”

Such an approach means that when something goes wrong, the organisation has the fundamental processes and constructs in place to deal with it. Stanton likens it to the philosophy of South African professional golfer Gary Player. “He liked to say, ‘Isn’t it lucky? The harder I try, the harder I train, the luckier I get’. That’s exactly the approach that we need to have to security.”

Indeed, research from IT analyst firm Quocirca shows that security has never been far from the top of the agenda of CIOs and the businesses they serve. “This is not just because of all the high profile breaches and data losses, but because businesses know that whether the like it or not, the use of cloud-based services is becoming pervasive,” suggests Bob Tarzey, Analyst and Director at Quocirca. “And whatever the reality, the biggest concern this raises is the security of data.”

As such, managing and securing third-party data is a topic that will no doubt be top of the agenda at the NextGen Security Europe Summit 2011, which takes place from 14-16 June at The Oitavos, Cascais in Portugal. This closed-door summit, hosted by GDS International, features some of the leading voices in the US financial services technology sector, including Chris Van Den Brink, CISO at Akzo Nobel; Rainer Kessler, Group Information Security Officer for UBS; Rolf Hafner, CISO at Volkswagen; and Mark McFadyen, Global Head of Information Security at Royal Bank of Scotland. Analyst partners Quocirca will provide additional insight on a range of topics, including end-point security.

Along with addressing workforce-related information security risks, other key topics for discussion will include dealing with the adoption of cloud and virtualisation technologies, tackling the social media explosion and how to manage – and secure – an increasingly mobile workforce.

NextGen Security Europe Summit 2011 is an exclusive C-level event reserved for 100 participants that includes expert workshops, facilitated roundtables, peer-to-peer networks and co-ordinated meetings.

For more information, visit www.ngsecuirtyeu.com

GDS International is a leading business-to-business events company. We offer financial, healthcare, IT service management, telecoms and oil and gas summits for senior executives throughout the Asia Pacific, Africa, China, Europe, North America and Russia markets. Our value proposition is simple: we deliver real results. And we’re very good at it. www.gdsinternational.com