Photo: Dr. Hugh Thompson, Bluecoat.
Thanks to cheaper costs of consumer technology and high smartphone penetration in Asia, today's enterprises are seeing their employees using their own devices to get work done.
Not surprisingly, the trend of bringing your own device or BYOD is increasingly compromising the network security of companies across Asia. In a recent survey and report in conjunction with the Economist Intelligence Unit, Asian environments such as Singapore saw an increase in almost three times higher in individuals "bypassing IT and using their own apps in conjunction with doing their job".
Dr. Hugh Thompson, Chief Security Strategist and Senior Vice President at Blue Coat, and an influential thinker on IT Security, spared some time to talk about enterprise security in a Q&A session. He has more than a decade of experience creating methodologies that help organisations build demonstrably more secure systems and has co-authored three books on the topic.
Q: Many organisations big or small, especially in Asia, think that security breach is not going to happen to them but to someone else, until it actually happens. But by then, it might be too late. Why is this resolve lacking? Is it a case of poor security oversight, lack of awareness, and/or just bad implementation? Or are organisations still overly concerned about costs?
Dr. Thompson: Cyber security is very similar to personal security—people often don't see the need to have a burglar alarm installed until they get burgled themselves. It's not just cyber criminals we have to worry about- it's also hacktivists and nation-level attackers. It is critical to review your security policies and practice them. Many organisations with the good fortune of not being hacked see security as cost that needs to be minimised, but if security is done right it can in fact increase profitability, thereby accelerating the business growth.
Q: What's the right approach to good enterprise security? Or rather, what are the wrong approaches to avoid?
Dr. Thompson: The right approach to good security in enterprise would be to identify threats and put in effective controls to mitigate them. On the other hand, looking at security as a want instead of a need, and simply investing a minimal amount into security to satisfy existing business regulations would be the wrong move. Investing in security is essential to growing and protecting the business.
Q: Often, the weakest link is humans themselves—either through inadvertent oversight or deliberate intention to break the defence. Why are we not plugging up this "hole" yet?
Dr. Thompson: It is very difficult to get someone to change their behaviour when it comes to security, so while the human element is the obstacle, bringing the right technology into enterprises will help create a safety net around user choice.
Sign up for CIO Asia eNewsletters.