To best defend themselves, security teams should first gain visibility into what they have and what needs to be protected. “Putting a process in place that prioritizes risks even when they are working with limited resources,” is a good practice, Ledingham said.
The biggest challenge for any security team is dealing with everything that is on their plate. “How do they spend their limited resources? They need to understand new vulnerabilities and be able to quickly analyze and understand the impact of those vulnerabilities,” said Ledingham.
Security has traditionally focused on protecting the perimeter, but that focus is shifting as more and more information becomes accessible via the Internet and more applications are exposed on it. “That’s the challenge that companies are struggling with right now,” Ledingham said.
Security is neither a network nor an application problem; it’s a risk management problem. The solution, said Ledingham, is prioritizing based on the sensitivity of data or applications in conjunction with understanding how high a risk is actually present.
Both applications and networks present risks, and either can give malicious hackers access to sensitive information inside the network or inside applications that have access to the network. “Take into account what your infrastructure looks like and the applications that are externally exposed,” said Ledingham.
“I don’t think you pick one or the other,” Ledingham said of allocating resources to network security vs application security. “Look at it from a risk perspective and decide where you are going to allocate between the two.”