According to a survey by Bit9, administrators are less confident than ever about their ability to secure their servers. Why is this?
Michael Bilancieri, director of project management at Bit9, talks to us about the disappearance of the traditional perimeter and how this is making administrators nervous. There is a greater awareness that servers are under attack, he says, and the attacks are getting more persistent and more effective. Organisations have responded by layering on more security, but the effect has been to make the security stack unmanageable and to impose too great a cost on system performance.
It’s not only the threats that are getting more advanced – it’s also the tools we deploy to combat them, which now need unprecedented levels of tuning and configuration. Typical approaches to security are also reactive: they work only once the threat has been encountered, by which time some kind of compromise may already have taken place.
What’s needed, Bilancieri argues, is a more hands-off yet proactive approach. This means deciding, before you get breached or infected, what kinds of things you allow on your network, and then allowing only what you know to be good to run – because if you wait until you’ve positively identified something as malicious, it’s probably too late.
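To make the difference between the two stances concrete, here is an added illustration (not Bit9's product or any code from the interview) of execution control by file hash. The allow-list and blocklist contents, the file names and the sample "binaries" are all constructed for the example; a real deployment would populate the allow-list from signed packages or a golden image.

```python
"""Default-deny execution control: allow only known-good binaries by hash.

Added illustration, not Bit9's product or code. The allow-list, blocklist,
file names and sample binary contents below are constructed for the example.
"""
import hashlib


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of a binary's bytes; the identity used by both lists."""
    return hashlib.sha256(data).hexdigest()


# Constructed "known good" binaries an administrator has approved in advance.
KNOWN_GOOD_CONTENT = {
    "backup.sh": b"#!/bin/sh\ntar czf /srv/backup.tgz /srv/data\n",
    "httpd": b"\x7fELF-constructed-httpd-image",
}
ALLOW_LIST = {sha256_of(content) for content in KNOWN_GOOD_CONTENT.values()}

# Constructed blocklist: a blocklist only knows what has already been
# identified as malicious somewhere, so it is necessarily incomplete.
KNOWN_BAD = {sha256_of(b"\x7fELF-constructed-known-malware")}


def blocklist_decision(data: bytes) -> str:
    """Reactive model: anything not yet identified as malicious is allowed."""
    return "deny" if sha256_of(data) in KNOWN_BAD else "allow"


def allowlist_decision(data: bytes) -> str:
    """Proactive model: anything not positively identified as good is denied."""
    return "allow" if sha256_of(data) in ALLOW_LIST else "deny"


def evaluate(samples: dict) -> dict:
    """Return {name: (blocklist decision, allow-list decision)} per sample."""
    return {
        name: (blocklist_decision(data), allowlist_decision(data))
        for name, data in samples.items()
    }


# Constructed samples covering the interesting cases.
SAMPLES = {
    **KNOWN_GOOD_CONTENT,
    # Already catalogued as malicious: both models stop it.
    "known_malware": b"\x7fELF-constructed-known-malware",
    # Never seen before: the blocklist lets it run, the allow-list does not.
    "unknown_dropper": b"\x7fELF-constructed-never-seen-before",
    # A modified copy of an approved binary: its hash no longer matches.
    "tampered_httpd": b"\x7fELF-constructed-httpd-image-PATCHED",
}

if __name__ == "__main__":
    for name, (bl, al) in evaluate(SAMPLES).items():
        print(f"{name:16s} blocklist={bl:5s} allowlist={al}")
```

The two rows that matter are `unknown_dropper` and `tampered_httpd`: the blocklist passes both because nobody has yet labelled them bad, while the allow-list denies both because nobody has labelled them good. The same property is the operational cost of the approach: a legitimately patched `httpd` is also denied until its new hash is approved, which is why an allow-list needs a maintained update path rather than a one-off snapshot.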
Authentication is a key element in security. Alas, the dear old password is a deeply flawed method of establishing a user’s identity. Every year, someone pronounces the password dead, or unfit for purpose, yet we seem stuck with it.
So people are looking elsewhere. Both individuals and organisations want solutions that meet the criteria of usability, security and low cost. After high-profile account hijackings, Twitter and other firms have introduced two-factor authentication (2FA), and it’s something that many organisations are now looking at. So what are the main drivers for firms to adopt 2FA? Tim Brooks at Signify explains.
He also touches on the increasingly familiar concept of ‘identity as the new perimeter’. What does this actually mean, and does it require a new understanding of what it is we’re protecting?
Setting up the strong identity systems that this approach requires means having a consolidated view of each user, built by integrating multiple sources of information – everything from Active Directory to payroll. Once you’ve done this, Brooks explains, that consolidated identity can be put to other uses within the organisation. He also touches on what he sees happening in the future, with context-aware authentication systems that may draw on dynamic data.