Enhancing cyber resilience | TahawulTech.com

John Doley, REGIONAL SALES DIRECTOR – META WHO LEADS THE ACCESS MANAGEMENT SOLUTIONS AT THALES tells Anita Joseph, Editor, Security Advisor Middle East, that it is important to look for a solution that can protect and integrate with on premises and cloud services to help reduce complexity and help with regulatory compliance at the same time.

Where are we in the cybersecurity landscape at the moment-all the rhetoric, all the planning-how far are we, in keeping up with the attacks?

Cyber-attacks are on the rise and are becoming increasingly damaging. This is evident by the significant increase in ransomware attacks which are being carried out against all components of an organisation’s infrastructure. According to Group IB, ransomware attacks grew by 150% during 2020.1

What has 2020 taught you? What are the key learnings?

Cybersecurity professionals are always prepared to adapt. Our role is centered around helping businesses understand the potential risks and new threats and events that could put organisations’ sensitive information, whether it is customer data or IP at risk. We have learned a great deal over the last year, but I would like to highlight three major learnings:

Cyber Resilience is an important business enabler in time of crisis. The pandemic has fast tracked the digital transformation journey and the urge to go remote instantly meant pushing forward with investment in cloud, connectivity, automation, and innovation that could have taken longer time to deploy in normal times. As we adapted to these new technologies and digitalisation we were exposed to new risk and challenges.

Even in the face of elevated threats, information security teams have risen to exceptional levels to support their organizations. But those organisations that were well equipped with an empowered and proactive security team could control and which were supported by robust processes and effective technology were in a better shape than the others.

2. Zero trust moves into the mainstream. The new wave of virtual workforces and the acceleration to adopting new technologies in a very short span of time gives us more reason to focus on security. With this in mind, making each device or user earn the trust to get on the network seems to be the way our security professionals are going to handle this escalation of connecting everything to the network. So our best bet is not to trust anything and move the risk/trust down to a Zero Trust Network.

The maturity to Zero Trust Network will take time and effort. We have seen organisations incorporating Zero Trust functionality incrementally as part of a strategic plan which definitely reduces risk accordingly at each step. As the Zero Trust implementation matures over time, enhanced visibility and automated responses will allow our security professionals to keep pace with the threat.

A significant challenge to achieving Zero Trust is finding solutions that cover identities. Enforcing access decisions dynamically at the application access point, irrespective of where the user resides and the device they are using. So, we could say Zero Trust starts with Managing Access to the network.

3. Remote workforce challenges. We see that security and risk management leaders are experiencing widespread disruption in Identity and Access Management space for many reasons, most notably because of the increased drive in user interactions on digital channels and the sudden and rapid expansion of the remote workforce because of the pandemic. The adoption of microservices architectures, move to the cloud, digitalisation of modern world and increase in cybercrime incidents have made it more difficult to manage users.

Cyber criminals continue to search for easy access and will continue to exploit gaps left by weak authentication methods. Unfortunately, a ‘one size fits all’ approach to authentication is no longer feasible as users are expecting to be able to authenticate from anywhere and on any device.

As data breaches continue and compliance mandates get more stringent, how can organisations protect sensitive data in both on-premises and cloud environments?

The first line of defence in protecting data in both on-premises and cloud environment is to make sure organisations have plugged in all gaps in their authentication footprint with a solution that can offer policy based access allowing them to enforce to earn the user trust by a broad range of authentication methods.

It is important to look for a solution that can protect and integrate with on premises and cloud services to help reduce complexity and help with regulatory compliance at the same time.

As cloud migration continues at a frenetic pace, tell us how Thales helps organisations in this journey.

It is important that your organisation strive to find a suitable balance between user experience and security especially in the context of today’s remote and/or hybrid workforces, cloud transformation and enterprise apps. Modern authentication comprises the latest innovations in authentication technology, which have been developed to enable authentication in a cloud based world. Thales can help organisations by:

Protecting on premises and cloud services and apps
Offering a powerful range of authentication methods that can support multiple authentication journeys
Easily and flexibly integrating into an IT environment

What, in your opinion, are some of the best practices for secure cloud migration? What are organisations missing/overlooking?

Prepare for the threat: Create, maintain, and test encrypted, offline backups of critical data. Develop and exercise both a cyber incident response & communications plan. Make digital asset management a key competency for your organisation. Create and maintain a cybersecurity awareness training program for your users.
Centralise Identity Management: In a hybrid identity scenario, organisations must integrate their on-premises and cloud directories. With this integration, the security teams can manage accounts from one location, irrespective of where the account is created. It also enables users to access both cloud and on-premises resources with a common identity.
Make sure secure access and identity protection is at the heart of your security strategy – identity is the new security perimeter. Don’t leave any authentication gaps, ensure you select a service that is scalable and flexible that can grow with your needs. Here are a few best practices to consider specific to authentication:
Adopting MFA and modern authentication for Critical Apps – Critical apps that provide key services to employees or that give access to your network should be protected by a modern authentication solution that is able to make intelligent access decisions and enforce the right level of authentication. These critical apps differ across organisations, but they typically include VPN, remote desktop, cloud computing platforms, and customer-facing applications.
Carefully Consider Authentication Factors – The choice of authentication factors is where user experience comes into the equation. Whether your users are employees or customers, you don’t want to alienate them by making it frustrating to log in to your app or to perform specific actions within your applications. For customer-facing authentication, a prudent strategy is to utilise adaptive authentication and combine it with other methods of stronger authentication when needed. The key here is to offer users a range of authentication options, such as a FIDO security keys, OTP tokens, or push notification on their registered smartphone.
Monitor Identities Actively – Monitoring identities actively can help organisations quickly detect suspicious activities and trigger an alert to prevent the threat. You can be at risk of user credentials being compromised failing to do so.

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Bybit opens global headquarters in Dubai on the heels of 50% increase in user base

DIFC Courts reinforces its commitment to sustainability following expansion of its digital infrastructure

NETSCOUT adds new data centre presence in Dubai with added Arbor Cloud Capabilities

Dubai ranks as the second most crypto-ready city in the world

LinkShadow reinforces its commitment to Saudi Arabia

Huawei Cloud’s Riyadh launch boosts Saudi tech advancement

Cisco unveils new data centre to enhance security services in Saudi Arabia

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Google Cloud announce significant new collaboration with Saudi Pharmaceuticals giant

KROHNE delivers insights to inspire the next generation of engineers in Oman

Oracle supports major project to accelerate Oman digital economy

Ooredoo accelerates cybersecurity in Oman with new deal

Omantel selects Ericsson to manage its nationwide multi-vendor networks

Oman TRA shares plans to accelerate 5G deployment

BDB launches “tijara” platform for SMEs

Bahrain achieves full nationwide 5G coverage

Batelco, SonicWall launch integrated security solutions for SMEs in Bahrain

Bahrain to offer COVID-19 test results on WhatsApp, Facebook Messenger

Infor supports Bahrain’s digital transformation

Infopercept opens its first Middle East office in Kuwait

Microsoft Compliance Manager now available in Kuwait

Commercial Bank of Kuwait gets mobile payments moving with Thales Digital Solutions

Ooredoo chooses Fortinet to deliver secure SD-WAN managed services in Kuwait

Zain rolls out first-ever 5G roaming service in MENA

Looking for the best label solutions in South Africa? Go OKI!

OKI is only going bigger in the South African market!

Huawei honours Women in Tech at Apps UP 2022

Amazon payment services launches in the MENA region

Egypt turns to AI to deliver COVID-19 diagnosis service to People of Determination

Vertiv extends partnership with MDS SI Group to enhance digital infrastructure solutions

Bosch sees 21% sales surge in the Middle East

“AI has been in Google’s DNA from the beginning – we are an AI-first company” – Tarek Khalil, Google Cloud

How companies can future-proof their business with Web3

“Diversity, equity and inclusion are a core part of our culture and values at AWS” – Yasmine Afifi

Gender Lens investing vital to economic recovery

Virgin Hyperloop unveils location for Hyperloop certification centre

TikTok taps Oracle as secure cloud provider

Zoom gets security boost with Keybase acquisition

Why collaboration is the answer to the successful roll-out of 5G

OPSWAT invests $10 Million in scholarship learning program to help close cybersecurity skills gap

Alef Education showcases the Alef Metaverse to improve climate education at COP28

Bybit and AUS unveil the tech talents of tomorrow

How digital education solutions can help students achieve their full learning potential

Seeds for the Future 2023: Huawei gathers ME & CA’s brightest ICT talent in Qatar

Huawei launches ground-breaking solar inverter at World Future Energy Summit

Middle East Energy to further boost their sustainability agenda

EDF UK selects Dynatrace to keep the power flowing

KROHNE harnessing the power of analytics to drive energy transformation

“All of us are pulling in the right direction for a better tomorrow” – Frank Janssens, VP at KROHNE

Above and ‘Beyon’ – New Money SuperApp launched in the UAE

New cross-border payments platform Digit9 launches in the UAE

Hub71 partners with global economic transformation specialist on MENA start-up ecosystem

Spheroid Universe coin to be listed on MEXC exchange

DIFC Innovation Hub launches AccelerateHER program

Innovating Finance: UAE’s Pioneering Role in the Blockchain and Crypto Landscape

Pioneering Sharjah’s Digital Revolution

Interview: Shaping a Secure World

Dubai Chamber of Digital Economy scouts Asia for tech start-ups

Government leaders from IT sector honoured at GovTech Innovation Awards

Dubai Science Park study backs R&D localisation amid projected surge in UAE healthcare spending

MarkiTech expands GCC footprint

MoHAP Launches Health Sector’s First National Centre of Excellence for AI

Korian Benelux future-proofs residential Care with AI-driven solutions

SAS accelerates responsible innovation efforts with new collaborations

Digitalisation key to accelerating construction development in Middle East, says Trimble

R&M Introduces First Single Pair Ethernet System to Support Middle East Smart Building Trend

To ‘upsmart’ your building, start with the elevator

Renters searching for homes online surge amid coronavirus fears

Emirati tech entrepreneur launches new app to ease Dubai’s rental woes

Brands Beware: The Application Generation Demands Seamless Digital Experiences

Opinion: Brands must respond to meet heightened customer expectations

Thriwe: Enhancing the Omni-channel experience

Navigating the Festive Cyber Landscape: Ensuring Online Safety during Holiday Shopping

Celebrate the Dubai Shopping Festival with Eros Electronics’ exclusive deals

AVEVA launches CONNECT, the world’s leading industrial intelligence platform, at Hannover Messe

Infopercept launches Invinsense 5.0- – A cybersecurity platform completely made in India

Interview: Building Cyber Resilience

Kaspersky Thin Client 2.0: Cyber Immune protection with enhanced connectivity, performance and design

xCube launches the UAE’s first fully automated SLB service for retail investors