Given its many responsibilities – from technical support and network maintenance to fielding help desk calls and implementing new technology – the IT department is among the busiest departments within an organization. Sometimes, in order for everything to get accomplished on a daily basis, corners are cut.
Unfortunately, as a recent IT Pro Portal report highlighted, it is often data security that lands on the chopping block. Companies deploy blanket measures that, on the surface, appear to do the trick but in actuality may leave information vulnerable to sophisticated attacks.
That’s alarming considering the fact that companies today are facing more intrusion threats than ever before. Information security is at a premium and the IT Pro Portal report stated that organizations must find the time to deploy and maintain effective measures.
“Every IT professional will know that it’s much easier to secure an entire network than tackle disparate applications,” Simon Richardson wrote for IT Pro Portal. “However, dealing with network security alone is like picking the low-hanging fruit from a tree.”
He added that generic network security measures only address part of the overall risk facing an organization’s data. Such practices protect data in transit, but ignore the other two states of information – at rest and in use, Richardson argued.
That means data being used in real time and data that is residing on hard drives and offsite backup servers, among other areas, remains vulnerable, Richardson said. And the issues are compounded when an organization is working in a virtual environment.
Instead, organizations should practice data security at the application level, taking each system into account. The process is both tedious and difficult, Richardson acknowledged, but it is necessary if enterprise information is going to be protected against all threats.
“Without a comprehensive security strategy that takes into consideration the entire ecosystem in which applications are deployed and exploited, businesses will continue to put themselves at risk of a security breaches, regardless of how much they invest in network security,” he wrote.
The need for such approaches to data protection is being driven by several factors, but none is as prevalent or as important as the accessibility of applications, thanks to an influx of connected devices. More so than ever, the report stated, employees are tapping into the enterprise network and its applications from various devices, including smartphones, tablets and laptops, among others.
And the issue is only being compounded by the growing consumerization trend. Data security questions are raised when employees bring their personally owned devices to work, because the company is unsure if they are equipped with the appropriate safety features.
However, a data- or application-centric data security solution will solve that problem. Instead of securing the devices themselves, the information is secured and only accessed from a central location. Among other things, this approach will protect data against malicious mobile apps and the damaging effects of a lost or stolen device.
A recent TechTarget report echoed similar sentiments that the need for more-focused data security strategies and measures has never before been so apparent. However, TechTarget also acknowledged the difficulties that companies are running into with such methods and offered ways to deal with them.
Unsurprisingly, cost is at the top of most companies’ concerns. But at the least organizations should identify their most important applications so they have a better idea which areas of the business require the most attention.
“Your most critical assets obviously take priority. Classify your applications and the data they handle, then rank them in order of importance,” the report stated.
That will ensure mission-critical applications and systems receive the appropriate attention.
Data Security News from SimplySecurity.com by Trend Micro