This year's Computerworld Security Summit 2015 in Singapore saw over 200 delegates congregating at the Marina Bay Sands Expo and Convention Centre on 5 March 2015. Speakers and delegates delved into infosecurity issues, especially on ways to better combat the increasingly frequent and sophisticated cyberthreats faced by organisations.
New security requirements
Gerry Chng, Partner, Advisory Services, of EY Singapore, kicked off the summit with tips to get ahead of cybercrime.
According to EY's Global Information Security Survey 2014 (which garnered 1,825 responses globally), 56 percent C-suite leaders and IT executives said that their organisations would unlikely be able to detect a sophisticated attack. To address this, Chng encouraged organisations to first take a risk-based approach to resolving issues and setting priorities, before implementing controls. "Instead of trying to monitor everything, filter down to the top five risks before implementing relevant policies and watching them carefully."
Managing user access to corporate networks could be challenging with the advent of the bring-your-own-device (BYOD) trend but that could be overcome by the use of identity and access management (IAM) solutions, in addition to reducing the cost of access control, delegating decision-making to appropriate parties, demonstrating regulatory compliance, and enhancing emerging security capabilities. Despite these advantages, nearly two thirds of the respondents admitted to not having a well-defined and automated IAM programmes.
Larger organisations should consider having a security operations centre (SOC), advised Chng. Since SOC centralises, structures and coordinates the processes and technology supporting the security function, it enables IT department to gain better visibility to the organisation's security.
Besides that, Chng highlighted the need for sharing cyberthreat intelligence as well as managing risks from partners, clients and suppliers, to get ahead of cybercrime. He also emphasised the importance of being prepared to activate appropriate handling mechanisms for a breach. "Besides having an incident response plan, organisations should be ready with statements for the media and stakeholders in the event of a breach."
Security in the virtual world
Traditional approaches to networking not only prevent today's organisations from realising the full promise of the software-defined data centre, but also subject them to limited flexibility and operational challenges, said Iwan Rahabok, Staff Systems Engineer of VMware.
Network provisioning was also slow, and workload placement and mobility was also limited, he added.
The solution to these challenges is to virtualise the network. With network virtualisation, the functional equivalent of a "network hypervisor" reproduces the complete set of networking services (e.g. switching, routing, access control, firewalling, Quality of Service, and load balancing). As a result, they too can be programmatically assembled in any arbitrary combination to produce a unique virtual network in a matter of seconds.
Sign up for CIO Asia eNewsletters.