Worldwide spending on security continues to rise and is expected to reach almost £50 billion in 2015. With a number of well-publicised high-profile data breaches in recent months, corporate security has certainly risen up the agenda for many UK organisations. As growing customer expectations lead to a rise in the number of technologies and web platforms available, new potential attack-surfaces are constantly being created, providing a stern test of firms’ security.
Companies are therefore beginning to boost their investment in IT. It is essential that firms prepare their existing infrastructure to safely embrace new technology, particularly with the rise of Internet of Things (IoT) devices, which can often raise many security concerns. As many IoT devices are currently built without security in mind, they are often prone to vulnerabilities and therefore attack. To combat this, the prevailing message for businesses is to secure absolutely everything in the corporate network – whether that’s wearables and smart motion sensors or assembly line machinery and automation systems.
Enterprise IoT – what’s the risk?
With an increasing number of data breaches, such as the recently publicised Ashley Madison and TalkTalk hacks, businesses are becoming increasingly focused on IT risk as part of corporate governance. Cloud, mobile technologies, IoT and advanced persistent threats continue to evolve, influencing business IT environments and the way companies view and implement cybersecurity. Organisations are beginning to understand the new security challenges associated with emerging technologies and recognise that cybersecurity should be managed as a central business risk issue. For those businesses unwilling to be the next breach victim, risk management and mitigation is essential in elevating data protection levels.
As businesses look to find ways to work more efficiently, IoT devices are quickly being deployed within the work environment. In an enterprise setting, the IoT ecosystem is comprised of data-rich sensor-packed devices used in critical operations. Unfortunately, there is an abundance of devices that run on various operating systems, use proprietary protocols and often lack resources for advanced security configurations. Pairing the lack of widely adopted security practices with the involvement of third parties and cloud technologies, means developing enterprise IoT security solutions is no easy task. It implies numerous layers, but many classic best practices in network security, such as segmentation, zone-based policies and shutting down unused ports, still apply.
Securing corporate borders – is network virtualisation the key?
Network virtualisation is not only essential to the livelihood of a mature cloud infrastructure, it also boosts network security. There are endless benefits, including isolation and multitenancy, segmentation, and distribution firewalling. Isolation will prevent development, test, and production environments from interacting. Virtual networks are isolated from other virtual networks and from the underlying physical network by default. This isolation process protects the physical infrastructure from any possible attack initiated by workloads in a virtual network.
A network virtualisation platform also provides firewalling features to deliver segmentation within virtual networks, providing effective controls to mitigate the next step of a network intrusion and to limit further movement across the network or propagation of a threat.
To date, businesses have poured millions of pounds into securing their computer networks, however, they will never be able to completely eradicate security risks. Companies of all sizes need assistance from government schemes. The UK government spends millions in protecting UK businesses from cyberattacks, but also creates learning opportunities for cyber-skilled individuals and provides grants to encourage partnerships between academic institutions and cybersecurity companies, which can support innovation and investment in IT infrastructures. That is why going forward, alongside an increase in IT security spend, government initiatives and partnerships will prove pivotal in protecting UK businesses.
Alexandru Catalin Cosoi, Chief Security Strategist at Bitdefender
Image Credit: Sergey Nivens / Shutterstock