The IT team realised things had to change. Undefeated by the hackers and spurred on by the event, the IT manager embarked on a quest to find out how to keep his company safe. Some time ago, he heard of the myth of six mystical IT experts, who held the golden rules for data and enterprise security. Spread across different lands, the IT manager travelled far and wide to find each expert.
In the Kingdom of Aeriandi, the IT manager met Tom Harwood, its CPO and co-founder. His rule was to protect the contact centre: “Company castles spend vast sums on keeping data secure, but often overlook the contact centre. This area acts as the castle’s ear to the people, listening to the problems of regular townsfolk and taking payments for castle services.
“But the contact centre also manages sensitive townsfolk data. This area is constantly under attack. Telephone agents are particularly vulnerable to social engineering and manipulation. Often, pesky criminals will gather small amounts of personal information from social media sites and attempt to manipulate contact centre agents with dark magic.
“While customer experience is important, protecting payment data should be the number one priority. The best way for kingdoms to protect townsfolk’s data is ensuring payment details never enter the castle’s contact centre from the outset. With no card data being stored, processed or transmitted through the castle’s systems, the dark magic threat is removed and the kingdom lives happily ever after.”
Next, the IT manager travelled to the Land of the Cloud, where he met Eduard Meelhuysen, head of EMEA at Bitglass. Meelhuysen’s rule was to take responsibility for the cloud, and be aware of its shared responsibility model: “Many company kingdoms have experienced the dangers of having data exposed in unsecured cloud storage databases. Most recently, the kingdom of Octoly unintentionally leaked the details of citizens. These exposures are difficult to stop because they typically originate from human error.
“Under the shared responsibility model, the public cloud vendor’s role is to protect infrastructure and applications so that kingdoms can use them without fearing security flaws. However, responsibility for data stored in these applications and for access to that data is bestowed upon each kingdom. Unfortunately, some IT knights are unsure of their cloud responsibilities, increasing the likelihood of exposures.
“Furthermore, the cloud setup process can be perilous even if one has received ample training. Because of this, kingdoms using the cloud must leverage at least some of the security powers available to them either from public cloud providers, IDaaS providers, or CASBs, which provide visibility and control over cloud services like AWS. Kingdoms should also reinforce basic security best practices such as limiting access from outside the corporate castle and encrypting highly sensitive data.”
The IT manager visits the Cybersecurity District on the next page.