Mobility in the enterprise has completely changed the IT security landscape, and organisations need to adopt new ways to respond to potential threats, according to IBM director of application, data, mobile, and infrastructure security, Caleb Barlow.
Smartphones and tablets are now ubiquitous in the developed world, with more workers bringing their personal devices into their organisations and accessing the corporate network. The trouble is, these mobile devices then become points of vulnerability, because they can easily be exposed to threats through things like third-party app downloads and even QR codes with malicious code.
"People click on stuff all the time, and if you look at their privacy settings, you would be surprised at what you are sharing unwittingly," Barlow said at the IBM Pulse conference in Melbourne. "For example, did you know Google Earth asks for your contact list information? Why does a navigation application need your contact information?"
With cyberattacks also becoming more sophisticated, it is no longer adequate for organisations to buy up the latest IT security products and hope for the best, he said.
"The big issue here is you've got lots of security products on the market — you keep buying them, new ones keep coming up," Barlow said. "What happens over time is the cost and complexity of those environments continue to grow, your agility goes flat, and your effectiveness starts to go down.
"You have too many vendors in the mix, too many products that aren't integrated together."
Companies need to have a broader view on security and understand that many aspects of IT are interconnected, such as infrastructure, applications, data, and people, according to Barlow.
"We can't just buy a solution and just focus on a particular domain; we have to be able to integrate these things and to correlate the data we find," he said.
Spandas Lui attended Pulse as a guest of IBM.