Frank Vukovits |
The phrase ‘enterprise security’ evokes the fear of external threats for companies and there is a whole host of cybercrime activity that contributes towards these threats.
Enterprise security within organisations is much less talked about, particularly the business applications that are used, such as enterprise resource planning or accounting applications. To achieve complete enterprise security, the threats both inside and outside of an organisation must be addressed.
At Fastpath Solutions, we describe enterprise security as a doughnut. The round exterior of the doughnut is where most security measures are put in place to stop external threats. Often, the hole in the middle of the doughnut, where the business applications are, lacks sufficient security. When a security plan is created, part of it should always address internal threats, such as employees and contractors within the organisation who have access to these critical business applications. Granting these individuals too much access can result in errors, fraud and theft of intellectual property.
Once an organisation knows where its most critical data resides in its business applications, it can deploy the proper tools and security measures to achieve an acceptable level of risk.
However, business application security is more than just ensuring that only the right people are provisioned with the appropriate privileges. Businesses must also carry out periodic reviews of user access to determine whether access privileges should be modified.
Organisations should also be monitoring what users do and look for anomalies in their behaviour. Unusual transaction times and account activity could indicate fraud or a hacker taking over a user’s account. Shutting down user activity outside of regular business hours or from specific locations is an effective security measure that goes beyond simply granting or denying users access to various business applications.
Frank Vukovits is director of strategic partnerships at Fastpath Solutions, a certified information systems auditor and a certified internal auditor
This article was originally published in the Summer 2022 issue of Technology Record. To get future issues delivered directly to your inbox, sign up for a free subscription.