Relying entirely on prevention is also insufficient, he added. Banks, despite all their secured safes and locks, still have alarms and hire guards to ensure safe banking.
The other aspect of security is risk assessment, which Sidaway said should be a fundamental step in implementing an enterprise security solution. He reiterated that risk assessment isn't about having a checklist, nor a vulnerability scan or penetration test. Neither is it compliance with a standard. "It is about what information do you have that needs protection and where is it? What are the threats to this information? How much would each threat cost if it occurred? How frequently can each threat be expected to occur? What are your options to make the threat go away? How much would these options cost?"
Sidaway then summed up that the "security budget is now a cost/benefit equation: expected loss x expected frequency = security budget." He further said that Integralis's global enterprise methodology (GEM) would help customers achieve business alignment; identify threats and vulnerabilities; create risk controls framework and roadmap; and deliver solutions against security architecture.
"In short, it's about aligning one's enterprise security architecture to one's business goals using enabling technologies to drive security operations," he concluded.
Comprehensive approach to BYOD
Ng Tock Hiong, Director Systems Engineering, at Cisco, took the stage to talk about the Bring-Your-Own-Device (BYOD) trend in the enterprise. His presentation included information about Cisco's BYOD smart solution, how demand for mobile access is driving the need for a comprehensive approach to handling various issues, in addition to security.
Photo: Ng Tock Hiong
Based on Cisco's own findings, the demand for mobile access has grown exponentially, simply because of the sheer number of networked mobile devices—15 billion globally by 2015. "Moreover, 56 percent of information workers spend time working outside the office, and three-quarters of employees use multiple devices for work," he said. "All this led to IT staff struggling to keep up with mobile needs."
Issues like data security, device security, control over devices, compliance, and operations thus require immediate attention. And to do so, organisations should adopt a comprehensive BYOD approach to address these issues. "From a business perspective, to take a comprehensive approach that can drive new business models by enabling mobile devices, one would need to maintain the user experience," Ng said. "Access given should be exactly the same whether the user is in the office or at home. But to ensure that is a seamless process, you'll need to identify the challenges and your approach to BYOD, and also the need to understand all the business benefits, and the IT challenges as well. Most importantly, BYOD should be a company-wide project that involves collaboration among the network team, human resources, endpoint team, application team, security operations, and compliance operations."
Sign up for CIO Asia eNewsletters.