Embedding a security culture is key to data protection
The protection of data and information, from employee’s personal data to corporate data, is the greatest challenge facing businesses today. And as the majority of businesses today have adopted cloud strategies, another layer of risk is added to the mix.
So says Francois van Deventer, senior networking sales specialist at Citrix Networking, adding that the asset value of information is the key driver, and threats to that information require a much broader business awareness. “Ensuring that these threats can be effective and economically managed while simultaneously enabling business agility becomes a challenge.”
This, he says, is why businesses should have a security strategy that encompasses all facets of the business. “Educating and embedding a security culture with the end-user is key. With the adoption of cloud-native technologies, the attack surface increases substantially and managing this is on top of all CISOs' minds.”
Van Deventer says the mobile, distributed workforce, alongside the move into the cloud, have provided huge benefits to organisations, but very real security concerns too. At the same time, security measures can negatively impact performance and thus user experience, because security is often a bolt-on and is not integrated into the whole development process.
“However, it is possible for IT performance, user experience, application experience and information security to coexist," he says. It is key for CISOs to understand that application development and information security need to be tightly integrated, so that applications are developed with security in mind. “Known as DevSecOps, this approach ensures that security best practices are incorporated into every facet of application design as well as deployment, so that applications are both more secure and can be deployed securely across the heterogeneous multi-cloud environment.”
Seven out of 10 data breaches occur on endpoint devices, with 92% of reported vulnerabilities emanating from applications rather than networks.Francois van Deventer
He says applications are currently consumed anywhere, and from a variety of sources, which greatly increases the ‘attack area’ or vulnerability. “One consequence of this is that endpoint security becomes critical, given that seven out of 10 data breaches occur on endpoint devices, with 92% of reported vulnerabilities emanating from applications rather than networks.”
By integrating security into application development from the get-go, DevSecOps plays a role in ensuring that security and performance do not result in either being compromised.
Citrix, in conjunction with local ICT distributor Axiz, is the platinum sponsor of the upcoming ITWeb Security Summit 2020, to be held from 25 to 28 August as a virtual event.