Supporting Programme 2018
Ernst & Young - Is conventional IT protection still up-to-date?
Decentralized system landscapes, increasingly extensive mobile networking and the increasing importance of cloud infrastructures are reasons enough to rethink conventional protection measures.
It is no longer just a matter of centrally securing networks at the perimeter level, protecting them from cyber attacks and meeting the growing number of compliance requirements. The central management of millions of different identities, user accounts and mobile devices presents companies with new challenges. Organizations that cannot determine who needs and uses which access rights for systems and applications, and when, will sooner or later experience problems.
Completely new protection concepts are required that take into account the shift of the attack vectors from the perimeter level to the internal company level. With today's advanced attacks (e.g. malware and phishing), perimeter protection can easily be bypassed. Therefore, protecting the perimeter is no longer an effective strategy.
It is at this internal level that the right controls must be provided to minimize the risk of data breaches and, for example, to prevent malware from being distributed across the environment. This means that the possibility of lateral movement must be limited or suppressed.
Given these new circumstances, companies can no longer fully trust the identities and devices on their network. In addition, organizations can no longer make access decisions based only on where a user and device are on the network. Instead, a security strategy is required that grants access based on verified devices and user identities.
The objective should be to effectively use dynamic access policies based on risk calculations in static access control lists.
---
Date: 10.10.2018
Time: 3:15 PM - 3:30 PM
Location: Forum M10 - Management