Stephan le RouxStephan le Roux

As more and more organisations virtualise their environments and move into cloud computing, security needs to be at the forefront of everything they do. It is no longer acceptable for security to be a low priority on companies’ strategic agendas.

, district manager of RSA, The Security Division of EMC Southern Africa, says although virtual environments are highly beneficial, they introduce new and IT trust challenges.

“It’s time to think differently to how we have in the past, for example about how to protect information in the cloud,” he says. “The landscape has changed dramatically over the past year, particularly with spear phishing and the advent of advanced persistent threats, which target specific companies.

“These developments are compelling organisations to re-evaluate how they protect their infrastructure, valued assets, intellectual property and strategic information. I believe we will see a major shift in how defence strategies are built.”

Le Roux points out that traditionally, most companies have formulated their strategies based on their perception of what’s at risk, using firewalls, anti-virus software and intrusion detection systems.

“Today, that’s no longer enough. Organisations need to understand what the attackers are doing and build their strategies around the best way to protect their assets,” he says.

Each company needs an individual solution determined by what needs to be protected, their future direction, what could be targeted by attackers, and how they can build an infrastructure to support these needs. There are tools available which make this process easier and more effective.

According to Le Roux, critical information should always be protected first, followed by applications and networks. Once an organisation’s critical infrastructure and information are protected, the focus can shift to activities such as making the Web server secure.

“It’s vital that the organisation’s architecture is regularly reviewed, because the threats we face are changing constantly. Ten-year plans have no place in today’s environment; companies need to be flexible and adaptable so that their strategies can stay current and meaningful. In fact, it’s time for information to become a boardroom topic as part of every organisation’s overall IT strategy,” he says.

New leading-edge technologies have the capability to pick up attacks proactively, as well as to identify patterns in organisational information. In the event of a virus attack, RSA’s NetWitness alerts the organisation, indicates how the attacker is gaining access to the network, and recommends how the attack can be blocked.

“This evolution in technology gives companies full visibility to see what’s happening on their networks so that appropriate action can be taken,” Le Roux says.

The local EMC Forum 2012 is taking place on 9 October 2012 at Gallagher Estate in Midrand. Attendance is free, so please register at www.southafrica.emc/forum and join EMC on Facebook at