//////////////////////////////////////////////////////////////////////////
technology (IT) security together under one
management umbrella. The best practice is
to have an integrated security model that
unites IT and physical security for ultimate
assurance. By having a single view of cyber
and physical security operations, physical
security can be handled through field-based
IT staff, a central control centre and an
access control team, while cyber defence
operations act as the front-line against IT
threats using a security operations centre, a
computer emergency response team and a
unit dealing with abuse over the network.
Meanwhile, specialist cyber operations can
act as a nerve centre for proactive network
defence, monitoring incoming threats and
devising strategies to stop information assets
from being compromised.
Securing every endpoint
Alessandro Postiglioni, Head of IT Security
Sales, BT in Africa
Once an integrated security strategy is
in place, the utility should have a better
ONCE AN INTEGRATED SECURITY
STRATEGY IS IN PLACE, THE
UTILITY SHOULD HAVE A BETTER
UNDERSTANDING OF BOTH THE
POTENTIAL IMMINENT THREATS.
only focus on protecting physical and virtual
assets within the confines of the brick and
mortar office or on-site.
Rather, a comprehensive security strategy
needs to reflect the interdependence
of physical and virtual security, and the
importance of this.
Typically, one department or outsourced
contractor will provide services to shield
the IT systems and another will guard
physical assets. However, in today’s
increasingly connected world, the physical
and virtual assets are interdependent,
making a co-ordinated security approach
ever more important, bringing information
www.intelligentcio.com
understanding of both the potential
imminent threats, as well as any threats
it may be faced with in a few years’
time. Attention should then be turned to
protecting each layer of the network and
every endpoint.
In the past, it was simple to protect the
business networks and devices within the
work space. However, when mapping out a
security strategy, the first thing utilities need
to understand is that the scope of security
needs to stretch to cover a far wider range
of devices and access points. In fact, for any
business offering cloud and IoT-based or
driven services to customers – and with the
proliferation of devices – this has not only
FEATURE: DISASTER RECOVERY
added layers of complexity to protecting
the business network but has also made
endpoint security more critical than ever.
A proactive approach to endpoint security
would include the network, applications,
critical data and identity security, where the
utility can then build this out across all their
endpoints and business sites. For an endpoint
driven security strategy to be truly effective
the following needs to be front-of-mind:
• Endpoint security must be fully integrated
into an overall cloud computing or
security strategy
• There must be a known common security
goal for the business. This reduces the
potential risk of dislocation in security
processes, which can also create
unnecessary vulnerabilities
• The security strategy must ‘bring
together’ the beginning, middle and
endpoint under a single, central endpoint-
protection infrastructure and policy-
enforcement mechanism that does not
hamper users or impact the performance
of their machines
Security is about trust and transparency.
Utilities who fail to develop a clear idea of
the risks and the strategies that are required
to protect employees and business assets will
not survive long in this new digital age.
Investing in the latest technology alone,
however, shouldn’t be the first priority, as
this is only as effective as putting up fences.
As people and things become increasingly
connected, the need for streamlined,
centralised and intuitive security measures
is only intensifying. Utilities should therefore
begin by undertaking a full SWOT analysis of
their current controls and best practices, and
take time to understand how these will stand
up against threats they are seeing.
It is only by understanding and identifying
the potential gaps that the controls can
be refined to plug these. And then, with
embracing the capabilities that new and
innovative technologies – including cloud
computing and IoT – boast, a utility will
be well placed to build more effective
prevention capabilities across their business
network and exploding number of endpoints.
And, able to maintain a sustainable risk
position against the evolving threat
landscape in the digital world. n
INTELLIGENTCIO
55