CIO

Cyber Risk Management simplified: Your business is your kingdom

By Sean Duca, Regional VP & CSO, APAC, Palo Alto Networks
  • Sean Duca (CSO Online)
  • 13 December, 2017 16:12

One of the big misconceptions about cyber security is that organisations can maximise protection by focusing their attention—and investments—predominantly on protecting the headquarters environment and physical network. In today’s era of remote workers, mobility and workplace transformation, executives who embrace this centralised approach may be underestimating or missing imminent risks at their network perimeters.

The concept of focusing protection on headquarters has been a viable security strategy for many years. It stems from a model whereby we’ve treated the business as our kingdom, and the headquarters as our castle. The better you could fortify the castle, the better you could protect your kingdom from those who would do you harm.

As threats would increase from the outside, you could build additional protections—moats and bridges—to control who could get into the castle, and how they could get in. Any threats could be identified and handled before they could do harm. In our analogy, the moats and bridges translate into firewalls and security policies.

But our proverbial kingdom has changed. We no longer have just centralised castles to protect. With branch offices, remote sites, remote users and mobile workers, our domain is now everywhere and anywhere. According to research by AT&T, more than 50% of companies experienced security breaches from employee mobile devices over the past year. That is a risk most organisations can’t afford. But we can’t just build moats and bridges around every branch office and mobile user: The costs are too prohibitive and the potential for gaps in our protection too profound.

Just as castles and moats are no longer adequate means of protection in the real world, the technologies we’ve relied on in the digital world are no longer valid. We need to adjust. The question becomes: How can we securely protect our central castles as well as our people and locations around the world at all times, whether they are stationary or mobile?

Look to the Cloud

The beauty of the centralised castle and moat methodology of protection was in its simplicity. It was a model we could easily understand and replicate across our entire environment, no matter how many branch offices we created. Mobility and remote workers have made protection far more complicated, yet we continue to yearn for simplicity.

Fortunately, technology innovation provides a way to address today’s security challenges by updating our protection methodologies – no more metaphorical castles, moats and bridges – while supporting the simplicity in design and management that are essential to modern business success. By moving toward a cloud protection model and away from a model based on protecting headquarters, organisations can be far more cost effective, proactive, reactive and consistent in their approach to cyber security.

The concept of cloud-based security represents an important approach to cyber risk management in today’s world. The idea is to leverage a services-based model for security, whereby the infrastructure is provided by an expert provider and your IT and security teams control the policies and protections based on your own specific needs.

There are several critical advantages to this new approach:

  • At a time when building proverbial castles and moats is becoming increasingly archaic, by leveraging the cloud you don’t actually have to build anything at all. You can use your IT resources more strategically to focus on revenue-producing projects.
  • Budgetary concerns are always an issue for IT organizations and cloud allows organizations to shift from a CapEx model to an OpEx model. This model is always more predictable and typically more efficient because you only pay for the services you actually need.
  • By leveraging a cloud provider, the organization has a much better chance of “future proofing” security. The organization can leverage the latest security advances offered by the cloud provider as they come to market. This is particularly valuable in today’s environment, where the threat landscape is becoming more sophisticated and hazardous by the day.
  • Agility, flexibility and simplicity are hallmarks of modern businesses and essential characteristics of companies that successfully embrace digital transformation. Cloud is a model that enables you to achieve all of these things: Building more castles, moats and bridges takes you in the opposite direction – backwards, not forwards.

Conclusion

Cyber security challenges have changed dramatically in the past few years, but one thing has not changed: Your business is your kingdom. You must safeguard and protect it and you must adapt to changes in the threat environment and in the tools and technologies you use to ensure the protection and safety of your people and assets. Where castles, moats and bridges may have represented the most modern means of protection at one time, they are, in both reality and in metaphor, relics of another era.

In today’s era, much of technology innovation is moving from centralised environments to cloud environments. Cyber security is no exception. If you haven’t done so already, it’s time for your organisation to rethink your approach to cyber protection and modernise it using today’s solutions for today’s challenges. Your kingdom – and your business – will be better served for now and for the future.