Trends like BYOD, Cloud and the Internet of Things have made the world smaller, enabling business to be conducted faster with enormous increases in flexibility and productivity for the workforce. Like most good things, though, there is another side of the coin. While IT no longer has the same control that it once had over all the devices used to access the network, nor over all the applications used for getting work done, the expectation that users will have secure network access remains paramount. And, IT must provide this while navigating a tricky new security landscape mined with a host of potential threats that come with the convenience of today’s technologies.
At Dell, we have been aware of this new generation of potential threats for some time. They are menaces that come at the organization from all perimeters, both inside and outside of the network and can move in a nanosecond from the realm of the merely theoretical or possible to the realm of the actual. They can be hidden in poorly configured settings or permissions, or ineffective data governance, access management and usage policies. They can infiltrate the network as malware from the myriad devices used to access corporate data. They can result from social engineering aimed at unsuspecting employees, or they can be perpetrated by a disgruntled employee with too much of the wrong kind of access. However they get into your network, the fact remains that they’re lurking and waiting for the opportunity to strike. Once in the network, these threats can compromise corporate and customer data, causing a huge financial impact on the organization, both from loss of business and reputation, and non-compliance penalties.
As CSO of Dell, I remain focused on this new, ever-evolving threat landscape. It’s my charge to look at the full spectrum of possible implications associated with these security gaps and vulnerabilities, and to have clear actions for how to mitigate this business risk. We felt we needed to dig into this new wave of threats ─ to understand where companies stand in terms of their awareness and their ability to protect against them. So, we recently commissioned Vanson Bourne to conduct a global security survey of 1,440 IT decision-makers in both private and public sector organizations, each having more than 500 employees or end users, distributed across 10 different countries. The results showed that too many organization, are unprepared to deal with this new wave of potential threats. While almost two-thirds of the organizations surveyed admitted to experiencing a security breach within the last 12 months, only 37 percent consider unknown, potential threats a top security concern in the next five years. And, although 83 percent said their existing security processes enable IT to immediately identify a security breach, it took an average of seven hours for them to actually detect a breach. Clearly, these threats are real and always evolving, yet organizations remain somewhat unaware of all of these new paths to breaches.
This year’s RSA presents an opportunity for us to showcase our portfolio of Connected Security solutions that provide a variety of ways for us to help customers address these threats. Recognizing the growing strength of the internal threat specifically, we went down the path of developing a key capability that helps organizations of all sizes to batten down the hatches around vulnerabilities created by internal, privileged users. At RSA this week, we will announce the release of Privileged Governance Solution, which tightens access governance for all-powerful privileged accounts by integrating our solutions for privileged management, and identity governance and administration. Unmanaged privileged accounts are targets for both internal and external attacks, but with its single platform to provision, manage and govern access to all system data for both privileged and everyday users, One Identity Manager – Privileged Governance Edition closes security gaps, and streamlines provisioning and access governance regardless of users’ roles or the level of access they need.
IT security is, and will continue to be, a dominant concern for organizations of all sizes, and we remain focused on designing security solutions that address our customers’ and partners’ most significant pain points. We believe the key to addressing their requirement for protection on all fronts ─ from data to endpoints to the cloud ─ is to adopt a holistic strategy of Connected Security that gives a clear, connected view of networks, data, applications and devices; governs access to every application; and protects every device, both inside and outside the corporate network. Our goal is to make sure our customers are forewarned and forearmed, keeping them a step ahead of the multitude of potential threats poised for attack. That’s the best chance they have for winning the battle and keeping their data safe.
For a more detailed look at the global security survey results, get the summary whitepaper here. If you’re interested in learning more about the Dell One Identity Privilege Access Governance solution, click here. Also, if you’re attending RSA, stop by the Dell booth #1301 to learn more about our Connected Security portfolio.