The IT Security Risk Assessment: The Elephant in the Boardroom

Posted: October 25th 2015

Swivel Secure: Without a New Approach to Risk, Cloud & IoT Could Derail Enterprise Security

A new whitepaper from multi factor authentication provider, Swivel Secure, entitled ‘The IT Security Risk Assessment: The Elephant in the Boardroom’ highlights how transformative technologies like Internet of Things, cloud and mobile could derail enterprise security entirely unless a new enterprise-wide approach to assessing risk is adopted by the board, the IT and information security (IS) departments.

The paper explores the security challenges facing IT and IS departments as they seek to integrate the new with the old, without impacting the end-user experience or the performance of their systems. As department specific cloud based services proliferate, enterprise IT decision making is shifting away from the traditional IT and IS departments, resulting in systems and data security vulnerabilities disappearing from view.

Chris Russell, CTO, Swivel Secure comments: “As companies increasingly move to using BYOD and the cloud, IT and IS departments must remain central to both the selection and the migration process, if they are to prevent security chaos. In recent years, the number of devices and cloud gateways used to access corporate data have rocketed. What can seem like an obvious strategic move to the board, like using digital transformation to cut costs and promote productivity, can present serious risks to the firm’s data security. Unless the board learns from the mistakes of BYOD, the coming of the Internet of Things could make an already bad situation dramatically worse. A fresh approach to the culture of risk is needed if tomorrow’s enterprises wish to strike an appropriate balance between protecting their data and harnessing transformational technologies.”

“By increasing the number of gateways onto the corporate network, IoT implementations risk creating a new wave of fresh vulnerabilities,” adds Russell. “Reputational and financial damage loom large for companies that embrace IoT without taking steps to ensure that full visibility, security management and proper development practices remain central to the evolution of their systems.”

The white paper contends that only by taking a fresh and rigorous approach to estimating risk can companies mitigate unacceptable security issues and appropriately guard their sensitive data and assets. Any such risk assessment must take a holistic view of the entire business, including areas of digital transformation, to assess what is ‘business-critical’. It must then implement policies and procedures, including risk based adaptive multi-factor authentication, that must be adhered to at all levels, but which are also flexible enough to cater to business strategy needs.

‘The IT Security Risk Assessment: The Elephant in the Boardroom’ will be of interest to IT and IS professionals, senior executives and board members advocating digital transformation.

The paper is available without charge from http://swivelsecure.com/product-features/adaptive-authentication

If you would like to discuss your multi-factor authentication needs, please Contact us.