For example, cloud storage providers have full access to data and control where it is stored. Organisations normally don't have much information about the infrastructure and the security mechanisms in place. And it might be that this storage isn't in their own country, which could raise legal challenges.
Social Networks: The extraordinary popularity of social networks has made them an attractive platform for malware authors, spammers, identity thieves and other cybercriminals. Social media networks encourage and reinforce an implied trust between users. Your new friend, or more likely a complete stranger, can then use and abuse this trust to take advantage of you, your social network accounts and maybe even your identity and bank accounts.
How ready would you say organisations in ASEAN are to face and manage today's infosecurity and risk management issues in general, and with data security in particular?
Malware threats and the security landscape have evolved dramatically over the last couple of years, which bring about a paradigm shift in customer requirements as well. Today, having anti-malware tools and firewalls in place is no longer enough to protect the dissolving network perimeter. The lack of data protection can hurt the bottom line, and organisations not only require an integrated approach to cross-platform security, full-disk encryption and network access control but they also want to do it easily without upsetting the existing security infrastructure and incurring additional costs.
Many of our customers in Asia and ASEAN are aware of the need to deal with these changes but they also want to do it as easily as possible.
The idea of simple security management is critical to enterprises regardless of size, as most often than not, the barrier to complete protection lies in the complexity and cost of managing a myriad security solutions and platforms. Maintaining full-spectrum protection across these differing tools on a day-to-day level can be arduous and labour intensive if not done right.
In reality, comprehensive protection does not have to be complicated or costly. A more efficient approach to security means both human and physical resources are freed up to improve and expand other areas, resulting in increased productivity, profitability and flexibility for their business. These are the compelling propositions we bring to our customers.
How would you suggest they go about addressing all these different issues?
Organisations need a "complete security, without complexity" approach to adequately address today's security challenges.
To help organisations address the security implications of cloud storage and social networks, here are the best practices.
For Cloud storage:
1) Apply web-based policies using URL filtering-Organisations can control access to public cloud storage websites with URL filtering, which prevents users from browsing to forbidden sites.
2) Apply application controls-Use application controls to set policies for the entire company or specific groups to block or allow particular applications.
3) Apply data encryption-Automatically encrypt files before they are uploaded to the cloud from any managed endpoint. An encryption solution allows users to choose their preferred cloud storage services because the files are always encrypted and the keys are always your own. And because encryption takes place on the client before any data is synchronised, organisations have full control of the safety of their data. Central keys give authorised users or groups access to files and keep these files encrypted for everyone else. Should the web key go missing for some reason, the security officer inside the enterprise would have access to the keys in order to make sure the correct people have access to that file.
Sign up for CIO Asia eNewsletters.