Robin Wright (Managing Architect, Microsoft) “Get your basics right!”
As computing and societal trends have evolved over the last few years, organisations and people alike are more vulnerable to security threats. Robin Wright, a Managing Architect in the Microsoft Middle East Africa region, recently led a workshop in Mauritius, attended by some of the biggest Mauritian companies.
Donald Li Ying, Senior Manager – IT at Air Mauritius, attended this workshop. “ IT plays a key role in supporting and enabling our business operations. There is a constant need of alignment to international best practices which we rely on for expert advice. This is how we have developed a close collaboration with Microsoft on a wide range of IT challenges, including IT security. This contributes to our IT strategic decisions, therefore optimizing our investments ”, he explained.
Mr Wright’s focus, when speaking to Mauritian enterprises, was Microsoft’s Security Strategy, built around three pillars: security fundamentals, technology innovations and industry leadership. The foundation of any security strategy lies at understanding the needs of any organisation and end-users, and creating wellbalanced security architecture.
In arguing the importance of balance in a security model, Mr Wright asserts that it is possible for corporations to have “ too much security ”, a situation which generally occurs when security controls are too concentrated in one layer and not enough in another. While it is important to protect intellectual property, assets and data, a well-balanced security model creates security controls without hindering productivity.
More recently, corporations are presented with new security concerns, thanks to emerging technology trends that introduce new risks – such as the consumerisation of IT, Cloud computing, targeted attacks and identity theft. According to an IDC (International Data Corporation) survey, 95% of information workers use self-purchased technology for work.
What corporations see as cost-cutting measures can actually make IT systems more vulnerable to attacks on data they thought well-protected. Microsoft’s Flexible Workstyle is structured around the notion that, with proper security controls in place and well-structured e-Health solutions, any device can be allowed and supported without compromising enterprise security.
As a member of the Cloud Security Alliance, a non-profit organisation led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders, Microsoft recognises its responsibility to promote best practices in security assurance within Cloud computing. Cloud service providers are held accountable for complying with security certifications.
At the same time, part of the burden of security also lies with corporations and governments that turn to the Cloud as part of their business continuity planning – using it as a second data centre in the event of business disruptions. They can assert their own controls over how their data is secured – whether in a private, public or hybrid Cloud.
While some organisations – for instance banks, governments and more recently, the oil and gas industry – are more vulnerable to security threats, any entity can be a target. Banks, for instance, are prone to phishing attacks; government websites to defacement and being used to make political statements. At a corporate level, hackers can gain full control of an organisation and ask for a ransom to return digital assets. Avoiding such hacks isn’t altogether impossible – corporate and individual end-users can protect themselves by having well-balanced security systems in place, educating themselves on these systems and maintaining good security health.
“ Ultimately, if organisations don’t have the basics right – updated antivirus software, managing least privilege accounts and proper patch management solutions that include 3rd party applications – no matter how much money they spend in other areas of IT security, their corporate systems can still be compromised and exploited. That is what we see a lot of in the Middle East, Africa and here in Mauritius ”, Mr Wright concluded.
The health of any system, however secure, can also be drastically compromised by the risks introduced through pirated software. Mauritius has a piracy rate of over 55% and the impact is felt by end-users who unknowingly expose themselves to malware existing in pirated software, making it easier for hackers to access sensitive information.