Trust the foundation block, laid by people: APAC InfoBrief on cybersecurity

Trust is a difficult word to define in a technological age. It doesn’t easily translate to the binary basis on which all technology is built – a zero or one representing presence or absence. Because it is a difficult-to-define human emotion, we can only hope to put its building blocks in place; trust itself then emerges, and continues to exist only while the things on which it is based continue and remain solid.

For businesses today, the concept of trust is a significant — probably the most significant — factor in a company’s long-term survival. Leaders of organisations work hard to establish trust on different levels: between the company and its customers and customers-to-be, between its partners and itself, and between employees at all levels and employers. The concept of A-Grade customer experience is also built on trust: the best products, delivered by the most astounding apps, will simply be ignored once trust evaporates. And, in this technological age, trust is most easily lost through an information breach.

People the new perimeter

Thanks in no small part to recent events, it’s become more apparent that unlimited working locations and unlimited work devices have made protecting personal identity equivalent to protecting the company. With (literally) no traditional perimeter to protect, it’s alarming that only 53.8% [1] of organisations are either planning or considering cybersecurity measures that specifically target the protection of the individual (according to an infobrief by IDC focussing on APAC). That statistic is alarming on two counts: firstly, the 53.8% are only in the planning stages of protecting the people in their organisations. Secondly, the rest of those surveyed don’t necessarily have coherent protection plans and facilities in place.

[1] The Value of Identity in the Digital Environment, IDC and LogMeIn, p. 5: “23.4% of Asia/Pacific organisations plan to deploy MFA for all users accessing sensitive data […] 30.4% of Asia/Pacific organisations are considering or piloting identity federation plans.”

Left to their own devices, the cyber hygiene of most individuals has been proven, many times, to be poor. Sharing passwords, using the same password or a simple variation, using easily acquired personal information as part of proving one’s identity (mother’s maiden name, date of birth, etc.) — all of these are an everyday occurrence.

But combine that reality with the (enforced) intermingling of work and personal uses of technology over the last few months, and organisations have a recipe for disaster.

If we assume the building blocks of trust are privacy, ethics and data compliance, a single mistake by a single employee has the ability to remove the first and third of the critical underpinnings of trust. With the loss of trust comes financial fallout, loss of face, PR costs, and most importantly, the negation of all the work that has gone into building the customer experience to date: app and service development, marketing, UX research, testing, API implementation, work with partners, development of supporting infrastructure, the list is endless, and represents massive expenditure. All rendered down to zero value!

Identity and Access Management

With IT budgets low and security teams under-resourced in the Asia-Pacific region, how should companies develop the security-first, individual-protection emphasis necessary to protect the enterprise’s trust, internally and externally? There are point solutions out there that can help organisations address one or more of the current security concerns. But most companies operate several dozen such solutions, each of which might function completely independently, or within limited interoperability models.

But if we focus attention on the individuals in the company, and ensure that they, and their identities, are properly protected, the enterprise itself is protected. Some of the tools available will be familiar to CIOs — that’s a neat coincidence, as in APAC, 80% of CIOs are also, whether by accident or design, the CISO for their organisation. In this respect, single sign-on (SSO) facilities, properly implemented, form part of the CIO’s toolkit, yet also help protect users’ identities.

SSO is proven to significantly reduce IT resource drain, not by cutting corners, but by providing users with centrally-managed and secure access to the systems they are allowed to access. That reduces helpdesk hours and account creation/deletion/editing overheads, and makes sure that only the right people get access to critical or sensitive systems.

But by combining SSO with MFA (multi-factor authentication), enterprises can start to build a framework that not only reduces costs but puts security and personal protection at the heart of all operations. This in turn ensures that trust between all stakeholders is maintained, and can therefore place the CIO (with or without their CISO “hat”) similarly centrally in the organisation’s strategic considerations.

Interestingly, the study we quoted earlier also shows that in the region, only 23.4% of IT decision-makers are planning to deploy MFA. That’s an alarming statistic and presents more forward-thinking businesses with an opportunity to remove themselves from the hacker’s favourite category, the “low-hanging fruit.”

To extend protection to the individual in the enterprise, wherever they may be working and on whatever hardware, a personal password manager (ideally supplied by the same company as the other elements of the IAM [identity and access management] system, or at least compatible with the same) fills in the remaining blanks. Specifically, it removes a prime risk: that of the same password, or a similar one, being used for every account, personal and business. Ironically, in organisations where a password manager is not offered as part of the identity management fabric, employees often use a personal password management tool, thus helping engender safety for the organisation by proxy.

The bigger picture

To read more about the correlation between personal identity management, corporate data management and adherence to governance, and how these form the building blocks of trust, download the infobrief document from IDC and LogMeIn. With deeper exploration of the figures from the survey, and a more thorough covering of the ground that we’ve touched on here, it shows just how enterprises can place the notion of trust at the absolute centre of operations and create the environment for growth and success. By following the steps, you can stop gambling with the cornerstone of continued success that is hard-won, and very easily lost: trust.
