How to achieve robust IT security when resources are constrained

 

Every organisation strives to have security measures in place that effectively protect its digital assets and users. However, when IT resources are constrained, achieving this objective can seem a difficult – if not impossible – task.

Much of the challenge stems from the fact that IT teams have multiple and often competing priorities. They need to keep their overall infrastructure functioning well, scale to meet changes in business requirements, and also take advantage of new products and technologies as they appear.

When it comes to tackling the IT security challenge, increasing numbers of firms are coming to realise the important role that digital identity can play. Industry research shows that many more security breaches occur as a result of identity theft than through security vulnerabilities.

This is because a cybercriminal can much more readily gain access by pretending to be an authorised party than by making the effort to identify an unpatched server or a zero-day software flaw. This is what makes having effective ID-based security so critical.

For this reason, even when resources are constrained, allocating a portion to ID security is vital. Only then will an organisation be best placed to ward off the ever-growing number of potential threats.

The challenge of fraud

Making such a budgetary allocation is particularly important when you consider the evolving fraud threat facing organisations of all sizes. It’s a threat that has been supercharged by the ongoing viral pandemic which has caused many people to do more things online than ever before.

Cybercriminals are taking advantage of this trend. They are targeting remote workers, attempting to undertake fraudulent online transactions, and using credentials to gain access to centralised IT infrastructures with the objective of causing disruption.

Thankfully, growing numbers of organisations are responding to these threats by changing the way they deal with and respond to incidents of fraud. Where once they would have had separate and siloed groups dealing with things such as forensics, investigations, and digital security, now they are increasingly all being overseen by the IT team.

For those able to achieve this consolidation, the result is faster response times and a greater capability to stop attacks before they can have a significant impact or cause significant losses.

Achieving effective IT security

Even when resources are constrained, there are still some important steps organisations can take to improve their level of IT security. These steps include:

  • Outsource operational tasks: Many IT teams find they spend most of their time simply ‘keeping the lights on’ by completing mundane but vital tasks. This could be anything from deploying security patches to checking client devices for malicious code.

    If these tasks are outsourced to an external party, it will free up the internal team to focus on other things such as combating fraud. This approach will also ensure that goals can be reached without the need for additional staff and associated spending.

  • Keep senior management informed:
    It’s important that IT team members ensure their organisation’s senior management is fully aware of the threats being faced. They need to understand the risks involved and what the costs would be of not having robust ID-based security measures in place.
  • Have a clear plan:
    Security teams must strive to ensure they are looking out of the windscreen rather than at the rear-view mirror. This means they must use their limited resources to be ready for what lies ahead rather than focusing on what might have occurred in the past.
  • Find a trusted security partner:
    It will be all but impossible to have all the required skills and experience in house. Therefore, consider connecting with an external partner who can provide strategic advice, and not just push new products or solutions. This partner should be able to use their experience gained from working with other organisations to formulate effective strategies and roadmaps.
  • Remember that IT security is not a competitive differentiator:
    It’s important for IT teams to remind themselves that IT security doesn’t deliver a competitive advantage. For this reason, it makes sense to share knowledge and experiences with others and obtain advice and guidance in return. This can help to ensure that limited resources are allocated in the most effective way possible.

At the end of the day, technology is simply a means of production and enables the building of capabilities that deliver outcomes for human beings. Even when resources are constrained, having a focus on people will ensure that those resources are allocated in the most effective way. The end result will be the most robust security possible.

Ashley Diffey
Ashley Diffey is a passionate leader with over 20 years of experience in B2B sales, key account management and business development in both the finance and ICT/telecommunications industries, specialising in security, data, communications, SaaS and hosted software. As Vice President Australia and New Zealand at Ping Identity, Ashley is responsible for accelerating sales and bolstering customer support and services to continue driving the increasing demand for Ping Identity’s solutions in the region. He works with organisations to achieve Zero Trust identity-defined security and more personalised, streamlined user experiences. In addition, he works closely with customers to provide flexible identity solutions that accelerate digital business initiatives, delight customers, and secure the enterprise through multi-factor authentication, single sign-on, access management, intelligent API security, directory, and data governance capabilities. Prior to joining Ping Identity, Ashley worked at leading ICT/Telecommunication companies, including F5 Networks, Commvault and Telstra. During his tenure at F5 Networks, he oversaw the organisation’s southern regional channel and Telstra partnership. He was also Director for Channel Sales Australia and New Zealand at Commvault.