Fabio Douek, Head of Cloud Architecture at Singlepoint, spoke to Billy MacInnes in TechPro about security – why awareness is half the battle in combating cybercrime. Read the transcript of this interview below.
Everyone is agreed that cyber security is a massive issue. But in a world of hybrid solutions, how can channel partners ensure they deliver the appropriate security strategy for customers to help them close gaps and mitigate risk? And how can they manage the various options to provide the layered security that customers need, be they enterprises or SMEs? Should partners seek to engage more deeply with customers, for example in providing services such as user awareness training?
“With most customers, partners need to identify the security requirements a customer has, perform a security gap analysis, build a gap initiative and implement it.” The process “might change slightly depending on the customer”, Douek remarks, as some may “have already done the assessment, others might not want the full implementation or they might have a third-party vendor looking after security”. For a cloud-based architecture, Singlepoint in some cases might just be aligning with the mechanisms a customer already has in place for security.
“How do you manage various options and who is responsible?”, he asks. Banks tend to have their own security teams but SMEs might prefer a channel partner to “be fully responsible for all security, especially if they’re taking a managed services role, while others might prefer shared responsibility where the partner is responsible for the application only”.
With cloud-based engagements, if it’s a greenfield project, the partner will be “responsible for everything, including security. But if there’s a structure already in place, the customer usually follows the traditional security path already in place. This can cause complications in some cases, where the security policies and best practices are either not well documented or not shared with partners”.
As for user awareness training, Douek describes it as “key, especially for cloud-based solutions. Historically organisations have a security team, a networking team, an applications team etc, but from a cloud perspective, the roles change a little bit, so it’s crucial there is an awareness of security and training as well”.
While it’s true that nobody will decide they want to do something that is going to compromise the data, they can sometimes do so because they don’t understand the implications of what they’re doing. “It’s very easy to do the right thing on a cloud-based solution,” he says, “but it’s also very easy to do the wrong thing”.
It’s important to get a firm view of the existing processes and to understand how an organisation is handling security, user names and passwords. But this can also cause friction if “individuals feel they’re being judged, they don’t really tell us how things happen behind the scenes. In this case you can’t really rely on what is being said is right. Trust is key to get the assessment right. You’re not trying to judge anyone but you need to make sure there is continuous improvement on security awareness.”
One thing that has remained almost a constant with security is that when you ask organisations how important it is, “they put it at the top of the list, but when you ask them how much resources they can assign to security from human resources and budget, it goes to the bottom”.
Read more on: http://www.techcentral.ie/