IoT / ‘Training, not amazing software’ is the key to information security, say experts
‘Training, not amazing software’ is the key to information security, say experts
13 October 2014
Some of the country’s foremost cyber security leaders gathered at The Savoy in London in September for a special breakfast hosted by Business Technology.
The morning saw the launch of research from Colt that showed 90 per cent of IT managers feel so anxious about data centre planning that it impacts their work.
64 per cent of those surveyed said security is the most important area of such projects, with viruses and network issues the most pressing concern for British and German managers.
Introducing the morning’s discussion, The Telegraph’s Matt Warman said: “This is a topic that is only becoming more and more interesting to the wider world.”
Several attendees expressed concern about the evolving regulations surrounding data centre security and privacy in a post-Snowden world. One leader said he would be “hesitant” to use a US-based provider for fear of government access requests.
“Do we really believe that the UK government does not have access to our data?” countered another of the information security experts.
The Lexis Agency IT manager William Hunter praised the flexibility of providers like Google, which he said had “thrown more and more control” at him over the last year to a point where he can pay a fee to ensure that his company’s data is stored within the European Union.
The group of information security leaders also reported that they have had to undertake large amounts of work to allow employees to adopt the latest technologies in the office.
Stephen Davies, vice president and head of enterprise IT at Visa Europe, said his business’s users have become “more demanding” in recent years, but it was agreed that employees’ wishes should be accommodated as much as possible because they are used to rapidly changing technology at home.
Tradition group CIO Yann L’Huiller said: “We have to allow people to breathe a little bit in the office if they have to access Facebook or access their personal email.
“It is the pace technology evolves at these days. Staff want more and more because they see that in their private lives.”
Users are increasingly at the centre of information security, the group agreed, with the rise of techniques like social engineering placing more emphasis on their training. Hunter reported a 98 per cent success rate gaining new recruits’ Facebook passwords during training as a way of highlighting these dangers.
He said: “Security is not about what amazing software you have got. It really comes down to how well you train your people. What is the risk – even accidentally? I have had some people accidentally do some really daft things.”
Warman added that he saw an “awful lot” of sensitive information during an experiment that involved nothing more than looking through office windows.
One attendee even said he discovered the location of one of his firm’s “top secret” data centres after spotting staff on a cigarette break wearing company lanyards.
These concerns were reflected when the IT leaders were asked about their biggest security concerns. 40 per cent said they were most worried about external hacks, while 30 per cent pointed to incidents caused by human error.
But the message from the leaders to data centre providers was clear: in a growing market with an increasing number of high-quality offerings, firms must bring something unique to the table to catch the eye of IT decision makers.
“There is more than one data centre provider in the world and I think that a lot of them are now on the same level,” L’Hullier said, summing up the discussion. “What is it that you provide that will make me switch?”