The past two years have brought with it several challenges when it comes to the business environment, many of which have been born out of a failure to react quickly enough or implement effective strategies to deal with issues as a result of the pandemic.
With 24 months under our belts, the time has come to be better prepared for the challenges of next year and for many businesses that means security. It is one area that organisations have failed to correctly address, with the remote or hybrid working model necessitating the capacity for employees to work as best they can.
While some organisations pivoted well to this change, thanks to a mature digital transformation strategy, others faltered, allowing cybercriminals to take advantage of the gaps left open.
With this new normal now here to stay, businesses across South Africa cannot afford to continue in the current fashion and there is an overwhelming need to implement an effective security strategy.
It’s about involving all stakeholders, not distrusting employees
Here enters BeyondTrust, which recently held a roundtable discussion with executives from the enterprise and government space in order to understand what the challenges are and how a zero trust approach to security of the business environment needs to be actively considered by all.
Specialising in Privileged Access Management, BeyondTrust is uniquely positioned to offer a scalable platform that evolves as threats to the business do, allowing for endpoint, server, cloud, DevOps and network device environments to all be catered for.
For many organisations moving forward, a zero trust approach holds several advantages, providing checks and balances across the business from end-to-end, particularly ensuring that the human element is catered for.
BeyondTrust knows that employees are not willingly making themselves a security liability, but the fact that the human aspect of any organisation is always its weakest point is something that business owners need to acknowledge and address.
All eyes on you as a result of PoPIA
For the local context, on top of safeguarding access to data within the business from ne’er-do-wells, businesses operating within South Africa will need to pay more attention to the implications of the Protection of Personal Information Act (PoPIA), which came into effect earlier in the year.
It is something that Deneshree Govender, head of regulatory risk, compliance and strategic business projects at Stanlib, is acutely aware of.
In attendance at the aforementioned roundtable, Govender noted that the Information Regulator has been quite lax in issuing fines for non-POPIA compliance to date, but as we have seen with GDPR in the EU, should the outlook turn increasingly punitive, many an organisation operating in South Africa with outdated systems and processes susceptible to breaches, could come in for cripplingly hefty fines.
Govender also hammers home the point that, “while many new technologies are being embraced, all of which touted as being the most secure on the market, placing trust in these technologies alone still leaves your organisation vulnerable.”
This especially when secure cloud solutions, which are believed to be highly secure or even blockchain-based approaches are breached, she adds, the fallout from which for a business can be detrimental.
The need for control wherever possible in the business
It is a sentiment echoed by Joseph Stokes, head of cyber security and IT governance at Telesure, which has adopted a hybrid cloud model when it comes to the handling of its data.
He cites the cost benefit of such an approach where needed as part of a legacy system overhaul, but also highlights the fact that there is a larger push to shift all the company’s enduser elements to the cloud, where better security and greater control can be administered.
This is what a zero trust approach affords, more control, not of employees, but of the rich data they routinely access.
Stokes emphasises that security is only an obstructive element when it is treated as an afterthought. If it is folded into every step of the process, much as it is with a zero trust approach, it carries with it a myriad benefits for the business.
“If you try to fit something into a shape or design it is not intended for, it is bound to create friction, but if you get the design right, it can fit in seamlessly,” he adds.
Backing up that approach, partner/director at Deloitte Africa, Kevin Govender, cites a report from the firm released a couple of years ago around technology trends, specifically as it pertained to security within the operational environment.
This in turn led to Deloitte creating its DevSecOps (development, security and operations) culture to solution design and implementation.
“If you look at the speed at which your company needs to operate, and the fact that any part of the business can be scaled up via technology, we wanted to ensure that security is an embedded component of any process,” he emphasises.
This principle is what zero trust also aims to imbue a business with.
Zero trust offers greater peace of mind and better authentication
While BeyondTrust is not in the business of profiting from fear mongering, it is acutely aware of the inherent flaws that exist within any organisation’s system.
As such, a zero trust environment may prove the best approach to a business landscape constantly in flux and limit the potential threat surface.
To find out more about BeyondTrust and its services, head here.
[Image – Photo by Alex Shute on Unsplash]
