Data security breaches have become a significant issue for companies large and small, and the problem stands to only grow as more devices and applications are being used inside and outside companies\u2019 facilities to access corporate data, according to Microsoft executives speaking during a June 30 webinar.<\/p>\n
\u201cWe are in turbulent times,\u201d said Ann Johnson, VP of Microsoft\u2019s Enterprise Cybersecurity Group. When one looks at the news, \u201cyou\u2019ll see a breach every single day practically, where millions of customer records were lost \u2014 at least it feels that way,\u201d she said.<\/p>\n
Last year alone, 160 million customer records were compromised, and the estimated cost of each breach was more than $3 million to businesses, she said. But the \u201cscariest thing\u201d is that the people responsible for those breaches are \u201cin your environment for over 200 days\u201d before they are detected, she said, adding: \u201cCan you imagine the impact on your household if someone broke in and had unfettered access for over 200 days? Can you imagine the damage they can do? Now think about someone being in your [IT] environment \u2014 in your data, in your systems for over 200 days.\u201d\u00a0<\/p>\n
The problem has only grown as the IT environment changed in recent years, she said. In the past, there was a more \u201clocked-down\u201d environment in which there would be a computer on one\u2019s desk with access to a company\u2019s system and that access could be easily controlled, she said. There was a \u201chard perimeter,\u201d along with firewalls, routers, antivirus controls, and \u201cmaybe you had strong authentication,\u201d she said, adding: \u201cIt was a really controlled environment.\u201d<\/p>\n
But all that has changed now. \u201cYou have people bringing their own applications. You have people bringing their own data. You have people bringing their own devices. They\u2019re traveling remotely. They\u2019re using tablets. They\u2019re using mobile devices. They\u2019re everywhere \u2013 and all times of day and night,\u201d she said. All of these factors have made controlling the IT data environment much more difficult, she said.<\/p>\n
Companies must better secure the applications they are using because applications \u201cwill become the next big threat vector,\u201d she predicted. \u201cAs we lock everything else down, we need to think more strongly about secure coding\u201d for applications, as well as \u201crogue apps,\u201d she said.<\/p>\n
Security threats can \u201ccome in from anywhere\u201d in the IT environment now, be it a device or an employee: wherever the weakest point is, she said, pointing out that the breaches can be done via phishing attacks and \u201csocial engineering,\u201d among other methods. But \u201cidentity is still where over 60% of breaches start,\u201d she said.<\/p>\n
Security needs to be embedded in applications, but it must be done in such a way that it doesn\u2019t prevent that application from functioning the way it\u2019s supposed to, she said. It\u2019s \u201creally hard \u2026 to balance that\u201d as an IT professional, she said.<\/p>\n
But that balancing must be done because brand reputation is at stake when it comes to security breaches. \u201cNobody wants to be the next company in the news because you had a massive breach and lost a large amount of customer records, or you lost critical IP data out of your company, or worst yet, you lost something that could actually be a threat,\u201d Johnson said.<\/p>\n
Companies must, therefore, put a lot of controls in place to prevent breaches from happening, she said. But if a company suspects there\u2019s been a breach, it\u2019s important that it assume there has been one and quickly set out to \u201cmitigate the damage,\u201d she said.<\/p>\n
Best practices for companies include making sure they have \u201cvisibility\u201d into their assets, wherever those assets are, she said. Behavioral analysis is an important tool and companies must work with their cloud providers to best determine what security controls to put in place, she said. Companies must also manage whatever devices employees are using at work, she said, pointing out those devices may transfer malware to the company\u2019s IT system.<\/p>\n
Companies must also develop policies governing the use of the software as a service (SaaS) applications their employees are using at work, apply rights management to those applications that are approved, and then monitor the use of those applications, said Julia White, GM of Microsoft\u2019s Cloud Platform Product Management.<\/p>\n
The Microsoft Secure platform is designed to help companies put security controls in place to prevent breaches, White said. \u201cWe know people will not use technology if it\u2019s not secure,\u201d she said. When it comes to security, Microsoft is taking advantage of all its assets, including its Office and Azure cloud computing platforms that customers are using each day, she said.<\/p>\n","protected":false},"excerpt":{"rendered":"
Data security breaches have become a significant issue for companies large and small, and the problem stands to only grow as more devices and applications are being used inside and … Continue reading Microsoft Execs: Tough Times Demand Tough Cybersecurity Efforts<\/span>