Increased adoption of hybrid IT by IT decision makers is giving rise to numerous security trends, set to shape 2016 according to CenturyLink’s Australian Hybrid IT Adoption Index.
According to the research, 29% of organisations cite data security concerns as the main barrier to moving IT infrastructure into a managed IT model.
“A hybrid IT solution can be more secure than traditional IT, since the provider works with the customer to design a security strategy that matches the business needs,” explains Stuart Mills, regional director, ANZ, CenturyLink.
Mills says there a several security trends he expects to shape the coming year.
Managing employee risk
Roughly half of all corporate breaches are enabled by internal employees, says Mills.
“These most often result from employees not following security policies, either because they don’t know them or mistakenly did something they shouldn’t have, such as clicking on a phishing email URL,” he explains.
To effectively manage employee risk, Mills says security measures will need to move beyond focusing on technology to realising the importance of educating employees, contractors, and partners.
“Key to this is implementing ongoing training which is reinforced by top leaders,” he says.
Mills says executives can’t pass the responsibility to HR or IT departments; they must lead the charge themselves in order to be most effective.
“In addition to providing ongoing employee training, organisations should discuss their critical data requirements with their hybrid IT provider,” he says. “This ensures that, if there is a breach, critical data will be protected.”
Mills recommends having several layers of controls in place, and sound policies, including having a CSO leading these efforts.
Managing shadow IT
Mills says the use of unauthorised devices and platforms can significantly increase the risk of data breaches, but can also make employees more efficient by giving them quick and easy access to resources.
“With more and more purchases being made by lines of business, IT is being managed very differently than it was a few years ago,” he says. “This means IT must embrace new approaches in order to be successful.”
Mills says organisations should consider provisioning cloud-based business applications for lines of business to take back control of shadow IT.
“For example, letting any employee download the software they need from the organisation’s cloud means they are using legitimate versions of the software without slowing them down, and means that it is done in a way that minimises the security risk to the network,” he explains.
Increased partner selectivity
According to Mills, organisations will be increasingly selective when partnering with IT providers. The CenturyLink survey reveals 63% of respondents rated security as extremely important when it comes to choosing a managed services provider, and 65% also cited vendor reputation as important when looking at data centre colocation.
“Companies considering a hybrid IT approach are looking for providers that can deliver a full spectrum of security products and services, and the ability to deliver comprehensive protection inside the company’s offices, in the data centre, and in the cloud,” says Mills.
“High-profile hacking incidents have demonstrated that the industry as a whole is struggling to write secure code and promptly rectify security issues,” Mills says.
He says the emerging area of security virtualisation, which combines data visualisation and machine-learning algorithms, can provide predictive analysis to mitigate threats.
“Leveraging hybrid IT and big data technologies, security virtualisation techniques monitor traffic and network patterns to identify suspicious activities and threats,” Mills explains. “This lets organisations respond with countermeasures that may be better than conventional methods.”