How Dell is taking the challenge out of security

Jackson Shaw, senior director of product management at Dell Software, gives us an update on the adoption of context-aware security approaches and offers his advice to organisations that want a smart, flexible solution

Lindsay James
Lindsay James
By Lindsay James on 11 August 2016
How Dell is taking the challenge out of security

This article first appeared in the Summer 2016 issue of The Record.

Earlier this year, Jackson Shaw explained to us just how important it is for today’s enterprises to develop a context-aware identity and access management (IAM) security strategy. Now, several months on, and while he is witnessing change in the demand for IAM solutions, these are reactive deployments, rather than proactive. “By this I mean that it is only after an incident that organisations review security protocols and policies and consider changes,” Shaw explains. “Changing this thought process from reactive to proactive takes time, but we are starting to see companies become more proactive due to their auditors asking more pointed security questions that can be answered with context-aware identity solutions. Establishing effective identity and access management strategies is a great way to take a proactive stance to an organisation’s overall security posture.”

With an influx of devices brought into corporate networks, and smarter employees using a variety of personal and corporately owned devices to access the corporate data to get work done, Shaw recognises that organisations face a number of challenges in terms of IAM. “Organisations must ensure that they have the security technology in place to alert them to unauthorised or unapproved devices accessing the network,” he says. “By doing so, it becomes possible to identify employees that may want to bypass security protocols.”

A recent Dell survey on data security discovered that IT teams felt there was a significant lapse between deploying the right level of security and being able to provide employees access to ongoing resources to ‘keep the lights on’. “With this in mind, it is vital to remain proactive with IAM deployments, as businesses are not static, they must remain flexible in order to succeed, and flexibility brings changes to the way that employees work on the network,” Shaw explains. “The challenge this brings to the table is that some organisations may opt for a basic IAM infrastructure. Whilst this may protect the most vulnerable parts of the network, it may not adequately protect the remainder of a growing network. This siloed approach can hamper the growth of the organisation, as well as reduce employee productivity and satisfaction, as users may regularly face challenges and may begin to search for work-arounds that ultimately exposes the business to risk.”

Shaw recognises that today’s employees require any time, any device and any location access to the corporate network. “This is something that cannot easily be accommodated using a traditional, static security process,” he says. “Traditional security approaches address point-in-time risks when security is implemented in silos. Often, we see that users are required to have separate passwords for everything, and this is layered with multifactor authentication. When users work off site, they are subject to further scrutiny, however, with the wrong IAM solution in place, users can face frustrating obstructions, affecting their productivity, whilst exposing the business to risks should a workaround be discovered.”

Shaw says that Dell takes a different approach. “We offer a real-time authentication strategy, ‘context-aware’. This alleviates mismanagement of access issues by focusing on the context of the access request to ensure access is appropriate in real-time. IT gains the ability to automate and ‘step-up’ to multifactor authentication when it is required. In addition, multiple passwords (or authentication actions) can be unified to present the user with a seamless access experience that maintains all the security that business and IT demand without negatively impacting productivity. In effect, this changes security from a productivity barrier to a business enabler.”

Shaw expects organisations to realise the benefits of an effective IAM strategy over the course of the next twelve months. “This drive in realisation is expected to come ahead of EU legislation changes, namely GDPR,” he says. “Organisations and auditors will need access to reports highlighting which users have privileged access rights, when they are using them, and what files they are accessing.”

Furthermore, with a change in regulations, organisations must be quick to respond and remediate threats prior to experiencing a breach. “With a comprehensive IAM strategy, organisations can monitor what users are accessing the network, from where, and from what device. This automatic detection can establish trends in individual user patterns, creating a risk score. If the risk is too high, it will either interrogate the device, requesting the user to input more information in order to help identify itself, or it will refuse access, locking the user out of the system. This level of integration helps network security to become smarter, and more aligned with the businesses.”

Shaw says that those organisations who fail to implement an appropriate strategy are taking a number of risks. “These risks come in many forms, from loss of business, to loss of consumer trust, and even imprisonment of board members,” he explains. “Given the upcoming GDPR legislation reforms, it is imperative that organisations are able to understand and put the steps required by the legislation into action.”

 


Number of views (2163)/Comments (-)

Tags:
Comments are only visible to subscribers.

Theme picker