With work from home and the accelerated move to the cloud, organisations have had to provision appropriate infrastructure to cope with this challenge while also dealing with the increased cyber risks.
In doing that, IT ops and security teams have to make certain trade-offs to optimise enterprise platform efficiency while implementing cyber security protection.
So says Glenn Lazarus, CEO, ATS Network Management, who will discuss this topic at the ITWeb Cloud & Data Centre Summit 2022, being held on 24 February at the Maslow Hotel in Sandton, Johannesburg.
The question, says Lazarus, is how to bring about effective change without disruption to the end-user, who feels they are being compromised in terms of availability or the time it takes for functionality to be active.
Cyber security measures may restrict usability, performance, and even operational functionality. In order to achieve the last, security and compliance that restrict access need to be minimised. At the same time, if usability concerns are not dealt with, users respond by trying to circumvent security mechanisms, so finding that balance between cyber security and operational functionality is key.
“The different teams within a business – IT ops, or DevOps – are tasked with making systems available and functional. Security’s job is to protect the company’s most critical data, limit access and enforce least privilege,” he says. “The trick is having the full bouquet of services available, while still protecting the environment.”
Lazarus adds that access can’t be restricted. “The company must have efficiency, as well as good security.”
Speaking of the pitfalls to avoid when implementing security, Lazarus says the key is to avoid over-complicating things and disrupting the end-user experience.
He says: “Strategically, we have to make sure that operations and security teams work together, so that we don’t work in silos. We need to focus on key outcomes, and be as efficient and capable as possible.”
He stresses that this must be measured, otherwise a functional enterprise cannot be built. “If you don’t measure, you cannot learn from it. This is a day-to-day process, and should question how efficient you are at making sure security is effective and operations are not disrupted.”
Share