Our site uses cookies to make it work and to help us give you the best possible user experience. By using our site, you agree to our use of cookies. To find out more about cookies and how you can disable them, please read our cookies statement. 

Cookie Settings

You can manage your cookie settings by turning cookies on and off.

Click on the different cookie  headings to find out more about the types of cookies we use on this site and to change your settings. Please be aware that if you choose to turn off  cookies, certain areas of our site may not work and your browsing experience may be impacted.

For further information on how we use cookies, please see our cookies statement. 

Strictly Necessary Cookies

(Req)

These cookies are essential for the technical operation of and proper functioning of our site  and enable you to register and login, to easily move around our site, and to access secure areas. Without these cookies our site won't function properly.  

These cookies are required

Performance Cookies

Performance cookies allow us to collect aggregated and anonymous data on how our site is used, such as the number of visitors to our site, how you navigate around and the time spent on our site and also to identify any errors in functionality. These cookies also help us to improve the way our site works by ensuring that you can find what you’re looking for easily, to better understand what you are interested in and to measure the effectiveness of the content of our site. 

Marketing Cookies

These cookies allow us to advertise our products to you and allow us to pass this information on to our trusted third parties so that they can advertise our products to you on our behalf. All information these cookies collect is aggregated and therefore anonymous. No personal information is shared to third parties. Any personal information collected while using our website could be used for direct marketing from Dimension Data only.

Managed Security Services: Nice to have or necessity?

Blog

Today I caught up with Guido Crucq, we discussed Managed Security Services (MSS) and their role in securing today’s enterprise networks.

Guido is the Group SVP – Security for Dimension Data, and previously the General Manager for the Security Business Unit, Dimension Data Asia Pacific.

Keith Austin: Guido, thank you for taking time to chat with me today. Security is a hot topic these days with data leaks at Sony and Target to name some high profile examples. How have you seen enterprises’ approach to security change in response to these threats?

Guido Crucq: Consistent is the highly fragmented market place that is characterised by varying technology for specific problems. Many new technology start-ups only tackle part of the problem. In the last 5 years the importance of cyber security in enterprise and the impact of breaches where cyber-security was not addressed is now an entire organisation problem and therefore comes to the attention of the C and board level. Criminals now invest in cybercriminals and away from traditional crime. This is helped by the advent of places like the dark-web for criminals to work anonymously in a borderless environment. These criminals have easy access to tools, there is a lower risk of being caught and the punishment lower. Also there are less people involved and it is easier logistically. Last but not least is the fact that malware is now a traded commodity between criminals as opposed to the published content of previous times.

KA: Your mention of malware as a traded commodity draws me to the threat of ransomware, specifically the most recent threat from WannaCry. How can organisations effectively protect themselves from these threats? Is the answer more than technology?

GC:  While WannaCry has been great at highlighting the risk associated with ransomware, unfortunately it has proved more of a distraction and meant a lack of focus on a more wide-net strategy. The main point about ransomware in general is that it is nothing new. This type of attack to exploit a known vulnerability has been around for a long time. The purpose of such an attack is to have a high volume with high impact. With a good patching regime and other standard security polices and procedures in place, organisations have nothing to fear from such campaigns.

KA: What do you see as the common weak point in organisations today?

GC: Device management, keeping servers and other infrastructure patched and up to date. Keeping security controls well managed, well configured and properly patched. Cyber security is still addressed in a very siloed way with network, application and end-point all working separately. They are trying to address threats cross-functionally, where hackers expose threats across the stack. Meaning they are more agile and can expose threats easier. They also share information and tools within a social community construct, working together where organisations are not.

KA: Today there are very expensive and complicated security products available to organisations, how do they choose the right technology and how do they ensure a return on investment?

GC: Again, organisations acquire new technology in a siloed way to address a specific threat. This is often lead by FUD (Fear, Uncertainty and Doubt) techniques to perpetuate this. Once these new technologies are deployed, organisations quickly realise they do not have the expertise to manage and operate these devices. This can not only cause strain on resources but also have the effect of creating more security problems than it addresses.

KA: How does MSS help in achieving these desired outcomes from new technology?

GC: Outsourcing security operations does not relieve the client from responsibility but it does change the focus from infrastructure management to risk management. Taking advice from the MSS provider to achieve the desired business outcome, economy of scale and the right expertise for the technology in use. Then the provider can correlate what is happening within the client with what is happening on the internet. Remember that cybercriminals only have to get it right once, while our defence can never fail.

KA: What new innovations are you seeing in the industry that either scare or excite you?

GC: Critical infrastructure providers (power generation, water supply etc.) traditionally don’t have a good grip on their infrastructure and IT systems, add to that they are embracing IP enabled networks or third party access to their Operation Technology. We have seen this become a serious threat in the recent past.

I’m excited by the possibility from IoT (Internet of Things) but concerned again about what this means from a security stand point. By this I mean, think about building consumer electricity, transportation, retail, industrial technology, etc. If a bus with 40 people is controlled by a cybercriminal the impact is now a public safety issue – not just an IT one. This is the state we are heading towards and we need to be prepared with IT security to avert the threats.

KA: Last one for you Guido, do you see a difference to the way Asia approaches security from the rest of the world, specifically large markets such as North America and Europe?

GC: Leap-frogging into the future. This can be a risk as well as a positive. While the region may not have legacy issues, they also do not have the process and people to avert threats etc.

KA: Thank you again Guido, this has been very interesting for me and I’m sure the readers.

If you are looking for help to navigate the security risks facing your organisation today, please reach out to your nearest Dimension Data office. Alternatively, feel free to contact Guido or myself directly.

Previous Article: Containers benefit your hybrid IT strategy. Here's how Next Article: Are you ready for a seismic shift in networking?

You may be interested in

Cityscape
Blog

Why legacy networks are holding back IT innovation

New technology may be the driving force behind a company’s ability to innovate and grow, but IT departments are playing an increasingly smaller role in driving the uptake of technology.

Read blog
Speed train
Blog

The need for the business to thrive sees speed eclipse cost

Digital disruption casts a long shadow over the business landscape. Every organisation believes that it’s under threat and IT leaders need solutions.

Read blog
Highways
Blog

IT Trends 2018: Programmable infrastructure everywhere

The evolution of IT infrastructures is an exciting and complex subject, as it redefines the strategies that support an organisation’s digital aspirations.

Read blog
Woman working on a tablet
Blog

Your network is a goldmine of business intelligence

Network insight is giving us new ways to monetise infrastructure. It’s driving the creation of new forms of value in the workplace and in customer engagement, increasing productivity and revenue.

Read blog