SolarWinds are exhibiting at DPRTE Engage Online 2020.
It’s well-known that the defence sector must be prepared for threats from all angles, but sometimes the focus lands on physical security versus cybersecurity. Though this is where our defence would have traditionally operated the most, over recent decades, the need for first-class IT security has become increasingly vital to keep the UK safe in a virtual sense. However, initiatives to improve IT security in most sectors are often ineffective.
The reasons for this can be attributed to three pitfalls: a one-sided perception of the threat, the implementation of initiatives with a rigid security definition, and the downgrading of IT security to a corporate role. The key to overcoming inefficient security is to understand how these challenges appear in the first place, before identifying what innovative technology solutions can help.
Pitfall #1: One-Sided Threat Perception
Often, the focus of conversations around IT security is on external threats, particularly from new technologies and the ever-increasing number of sophisticated cybercriminals in the world. Mobile end-user devices, cloud computing, and virtualisation blur the boundaries between IT applications and corporate networks. Reports of high-profile cyberattacks on prominent institutions and contractors across multiple sectors—such as the recent hacking of Interserve, the U.K.’s Ministry of Defence (MoD) contractor—mean that discussions can be primarily centred on external threats.
IT security against external threats is now indispensable for all; for the defence sector, the data organisations hold is too sensitive to put at risk. Nevertheless, this one-sided, outward-in view does not provide a complete picture of threats that organisations face. A simple mechanism is at work here: people tend to externalise security problems.
As a result, the walls protecting the organisation’s network from the outside are built increasingly higher, while the ease of access within the network can be overlooked. “Insiders,” who often move freely within a network, can be ignored unintentionally, and many users end up with access to large quantities of knowledge and data. Databases and file servers may become exposed to unauthorised use, misuse, disclosure, or even destruction.
Pitfall #2: Restricting Security by Definition
One of the biggest challenges with security initiatives is the fact that they focus on security. It’s too abstract a concept in itself to provide recognisable value to the end user. IT security incidents, particularly within the network, are rarely identified and thus remain beyond the experience of most employees.
To make matters worse, interventions—the sole aim of which is to increase security—can limit the work processes of users. This results in deviations from any new guidelines that the defence sector is expected to follow, which leads to the exact opposite of the desired results. The basic problem is security and efficiency normally conflict with each other.
The key point is IT security measures must also offer tangible benefits for users. When this isn’t the case, the intervention is unlikely to be accepted. It’s therefore advisable to change the focus. The question should no longer primarily be how to increase security, but rather how to simplify existing security processes.
Pitfall #3: Constraining Security Development
As IT security has become increasingly crucial, multiple new roles have had to be developed to keep pace, such as data privacy specialists and information security managers. This is a significant change for defence organisations to manage. But many are still under the illusion that their security issues are then fully resolved. Unfortunately, security expertise within the organisation is also often completely centralised within certain roles and therefore restricted to these roles alone.
The problem with this is security expertise is siloed, which makes it difficult to expand. Aspects of it should be developed in a decentralised manner within the organisation, at least within senior management. The identification of sensitive information, knowledge, and data—and who should have access to these—can only be determined by the data owners within the different departments of an organisation. Given the vast amounts of sensitive data in the defence sector, it is crucial that only necessary users are given access to any one piece of it.
Make ARM Part of Your Armour
The solution to these challenges is access rights management. The practice is designed to help IT and security admins quickly analyse user authorisations and access permission to systems, data, and files, thereby helping them protect their organisations from the risks of data loss and breaches. Simply put, access rights management can help make user provisioning, deprovisioning, tracking, and monitoring easier, while minimising exposure to insider threats.
A quality access-rights-management tool establishes the conditions for implementation of internal IT security with five basic services:
As the number and sophistication of cyberthreats continue to rise year-on-year, the defence sector should consider the benefits of prioritising IT security and strengthening its security posture. After all, though some might think national defence is about armies against physical threats, the risks of the digital landscape can be just as dangerous.
SolarWinds will take their place at the DPRTE Engage Product Showcase, which offers an invaluable opportunity to engage and develop new and existing partnerships with a wealth of leading suppliers who are actively delivering a diverse range of innovative products and services that can support both current and future procurement requirements.
For the private sector suppliers, the product showcase conversely provides a unique platform to connect with over 1,500 key decision makers from throughout the full defence acquisition supply chain.
Delegate registration is now open
In addition, a final few virtual exhibition product showcase opportunities are still available. For further details, please email exhibitions@dprte.co.uk or call 0845 270 7066.
Defence Online is the official media partner of DPRTE 2020
If you would like to join our community and read more articles like this then please click here.
If you would like to join our community and read more articles like this then please click here.