Holistic IT security

A good IT security reseller does more than simply sell the hardware and software, notes Chris Gale

Many UK workers could potentially copy electronic data and files and take those materials with them when they leave the firm. How much valuable company information stored on databases, spreadsheet files and the like can be crammed on a £10 USB stick?

This is interesting – and not just when it comes to thinking about the morals involved. It suggests that companies must defend against the insider threat, as well as the usual suspects attacking from outside the network.

I believe malicious intent is behind more than half of data losses, with insider breaches accounting for about a third, and hacking about the same.

The most effective strategy is to protect applications and databases, in parallel with the more traditional approach to security. Technologies used might encompass web app firewalls, full drive encryption, server or end-point hardening, and end-point data loss prevention.

Many organisations may not know if they have suffered any data loss incidents.

It is now becoming clear that resellers need to help their clients navigate numerous security mandates, threats and technologies.

Many companies may not have data removal policies for when a member of staff leaves the firm. Yet lots of people store corporate data on their home computers or personal mobile devices. External espionage or revenge-seeking staff may be another key source of threats.

Once again, there is clearly a channel sales opportunity here.

A good reseller will sell the security building blocks, glued together with software technology that enforces policies laid down by management, such as stopping a member of staff from copying the entire sales database to a USB stick.

This kit dovetails well with conventional audit technologies such as data access logging – who did what, when, and with what data – and good old database security. Web app security, access controls, file locking, authentication and encryption all have their roles to play as well.

None of this can be achieved with a single project, or even a series of projects; it requires a continuous process of evaluating user access privileges.

Of course, this helps resellers build up a relationship with the client, and helps the customer monitor access to sensitive corporate data and build a detailed audit trail.

Chris Gale is European partner director at Imperva