MARKET REPORT Data Security
“While theoretically prevention should be the solution, the reality is that some of
the attack vectors will penetrate security.”
Ian Kilpatrick, Strategic Advisor for Cybersecurity at Nuvias
©Amy Walters.com-stock.adobe.com
organisations however is that
the cloud dissolves traditional
perimeters and increases business
velocity by removing the friction
caused by legacy systems while
also creating the need for evertighter
security. As organisations
roll out “cloud first” policies,
proper discovery, governance,
and protection are three boxes
that must be diligently checked if
businesses are to expose security
blind spots and protect personnel
and data.”
Ryan Weeks at Datto says it
is important to understand that
there is no silver bullet to protect
against cybercrime.
“Organisations must ensure
that if the worst does happen,
they can recover. They need to
ensure they have a robust and
tested incident response plan in
addition to a wellfunctioning
business continuity
and disaster recovery solution.”
A pragmatic Iain Sinnott,
Head of Sales at VanillaIP says
that prevention and post issue
management are naturally both
required, you don’t leave a gate
open just because you are good
at rounding up lost sheep.
“VanillaIP has always
approached business challenges
with this dual focus and
Credit Lock is perhaps a great
example. Each extension on our
system has protection through
authentication; call capacity
management restricts any
hacker’s commercial potential
and outgoing call plans are
applied to restrict potential
access to ‘pirate’ territories
(unless those destinations
are required by the client for
business as usual activity).
But behind that, as a fail-safe,
we have a commercial trigger
driven, fully automated ‘offswitch’
on each extension to
make sure that if we are beaten,
then cost is low.
ED SAYS…
I tend to agree with a prediction from PCI PAL for 2019: Cyber-attacks will evolve
rapidly and unpredictably in the next year, but three core principles remain the same:
vulnerabilities will be found in new systems that will be attacked sometimes even
before being discovered, old systems with known vulnerabilities will continue to
provide a glut of opportunities for attackers, and human error will be a reliable target
for any malefactor. Perhaps it is time to embrace an MSP based solution that could,
as suggested here, provide solutions that give users a better route to prevention,
alongside better analysis for mitigation?
a huge opportunity for partners
that invest their time and skills
in this area, and customers that
acknowledge their vulnerability
will welcome the input.”
Prevention or mitigation? Are
both approaches needed to
tackle this problem? Are we
seeing other types of solutions
in the market?
Essentially they are both needed
says Ian Kilpatrick at Nuvias.
“While theoretically
prevention should be the solution,
the reality is that some of the
attack vectors will penetrate
security. Depending on the type
of organisation you are, nation
states will be directly targeting
you. Prevention will absolutely
not do the job of protecting you.
We are seeing more mitigation
at the high end, where companies
are looking to identify an attack,
stop it, depress it and analyse it.
At the lower end of the market,
the prevention route is the bigger
route because organisations
don’t have the resources to do
more. But there is strong growth
in managed services. MSPs are
providing solutions that give
users a better route to prevention,
alongside better analysis for
mitigation.”
Prevention and mitigation
are two sides of the same coin
according to Duncan Brown at
Forcepoint.
“It is important for
organisations to obtain a
complete picture of all data
used in the organisation and
any associated potential risks.
For example, Shadow IT can
often exceed 35 percent of a
business’s total cloud usage and
this includes active services, such
as home-grown web applications,
and also dormant (inactive
current employees), orphaned
(ex-employees), and external
(contractors) accounts. Even
sanctioned cloud usage can be
misreported or get lost in the
transition and course of dayto
day operations. Mitigating
against the threats posed by a
data breach means preparing
properly, and in depth.
What is true for all
50 | Comms Business Magazine | March 2019 www.commsbusiness.co.uk
/www.commsbusiness.co.uk