Blog posts by Warwick Ashford

The world of working is changing – we are increasingly working collaboratively in teams, but members of those teams are no longer necessarily in the same office, location, or even the same organization. But all forms of collaborative work require team members to share data, and in the face of rampant data theft, secure collaboration is essential. To remain competitive, organizations need to ensure that employees are able to communicate and exchange data easily and securely with authorized internal and external collaborators, wherever they may be in the world. Increasingly,...

As the intensity and sophistication of cyber-attacks, and the complexity of business IT environments continue to increase amid an ongoing worldwide shortage of skilled cybersecurity professionals and a growing number of data protection regulations, many organizations are looking to security automation as a potential solution. As machine learning and other forms of artificial intelligence have matured, security automation has become increasingly practical, but at the same time it has become increasingly necessary to stem the tide of cyber-attacks that thanks to the same AI technologies...

Cybersecurity has never been more important or challenging. A worldwide shortage of people with the necessary cybersecurity skills is coinciding with increasing complexity of business IT environments and the further industrialization of the cybercrime industry alongside an increase in state-sponsored cyber threats. Cyber-attacks have continued to intensify and diversify as the attack surface has expanded with organizations increasingly adopting cloud-based services, mobile and home working, and internet-connected devices (IoT and IIoT) as part of accelerated digital transformation...

In the digital era, being able to manage and control access to services, data and other resources by employees, partners, customers, and devices (things) is extremely important, and a key element of that is identity. Having a comprehensive Identity and Access Management (IAM) capability, therefore, is essential for any modern business. In fact, the management of identities and permissions in digital transformation is the key to security, privacy, compliance, governance, and audit, as well as system usability and user satisfaction. Traditional IAM systems meet only a fraction of current...

Cyber-attacks are continually evolving and so too is the approach organizations are taking to defend themselves, and nowhere is this more evident than in Endpoint Protection, Detection & Response (EPDR) technologies which show the shift from prevention or protection alone to a much more realistic and proactive approach that assumes breach and adds detection and response. Most organizations now understand that 100% security is almost impossible to achieve, and although prevention is preferable with some types of malware attacks such as ransomware and wipers, in many cases determined...

As discussed in the last edition of KC Navigator, public sector organizations are increasingly early adopters in digital identity, digital transformation, and cybersecurity, providing the opportunity for private sector organizations to learn from public sector implementations and follow their lead. Within cybersecurity, government adoption of a Zero Trust approach to security, particularly in the US, is a prime example of where the public sector is providing a lead for the private sector to follow because both sectors are potential targets of the same cyber threats. Zero Trust is not...

Although there are some differences, in many ways the business IT and cybersecurity requirements of government are very similar to those of private sector organizations, and therefore public sector initiatives can often offer insights on tackling common challenges. Public and private organizations both have to ensure the services are agile and innovative to remain cost effective and provide good user experiences, both have to ensure privacy for users of their services, both have to manage user access based on identity, and both have to face similar cyber security threats against...

As the world becomes more digital, and the right to privacy becomes enshrined in a growing number of laws and regulations around the world, organizations increasingly have to pay attention to protecting the privacy of individuals in all their data handling and processing. In the digital era, privacy guarantees need to be taken into account when designing any interactions with individuals that involve personal information, not only to avoid the risk of sanctions for failing to comply with privacy regulations, but also to gain consumer loyalty through winning their trust. Since the...

A growing number of organizations are adopting cloud-based services driven by digital transformation, the desire to cut costs, and the need to support remote working. As a result, most organizations have ended up with a mixture of on-prem and cloud-based infrastructure because of the challenges in shifting all existing services to the cloud, with many adopting a phased approach. The majority of IT environments, therefore, are now hybrid with legacy applications and some business-critical data remaining on-prem or in managed hosting solutions. At the same time, organizations are...

Passwords are inherently insecure, and adding multifactor authentication can help compensate, but ultimately, organizations should be aiming to eliminate the password altogether because strong password polices are difficult to enforce, and passwords are easily compromised and are costly in terms of management, password resets, and lost productivity. Adopting multi-factor authentication (MFA) can immediately enable stronger authentication to reduce cybercrime, but it should be regarded as a short-term improvement over passwords alone, with the ultimate goal being truly passwordless...