Battling online security concerns with layers: Cisco

Cisco has suggested that businesses look at security in layers, in much the way as they do when looking at adopting new infrastructure.

Online security is still a topic of conversation for many board members, but according to a panellist of speakers at the Cisco Cybersecurity Day briefing on Thursday, the traditional impression that online security is renowned as being the "guns and gates" of preventing things from happening needs to change.

Instead, Alistair MacGibbon, Dimension Data Australia general manager of security, argued that people's perspective of online security should be that it helps write the right rules around what information is being accessed and eliminates any "white noise".

"It really is, not only just rightly about enabling, but it's about understanding what's happening on networks, and then once you know what's going on in the network, you want to look for the egregious things you want to know," he said.

Cisco global vice president of information security Steve Martino drew on Cisco's experience embracing BYOD in the company as an example to illustrate that security played a role in helping the company create a "trust platform". He said the company essentially gave its staff a list of requirements they needed to be met before they could be granted access to its network, and if they were unable to do that then their access were limited.

"This was a flip from security being a controlling management, instead we told our staff 'Here are some of the things you need to do before you can have access to the networks'," said Martino, who believes this has helped the company establish a basic security structure and guideline for any technology that will be brought into the environment in the future. 

The panel also highlighted that a common factor letting businesses down when it comes to security is the lack of education, particularly more so among the small to medium business sector, and suggested that companies need to run different education programs for different departments within their organisations, with Martino saying it will make them "aware of risks and obligations" and it will be a "very focused way" to do it. 

Cisco has indicated the approach businesses need to take when it comes to deploying security is through layers, much like how they would currently deploy new infrastructure, so in turn if an issue arises, there will always a form of backup. The security infrastructure should be made up with four layers: infrastructure element, security services platform, security services and apps, and then management to oversee the entire structure.

"The threat environment is a never ending flow of vulenerabilities and therefore it needs defence in depth and layers," said Jason Smith, technical director of the Australian government computer emergency response team.