Does the UK Government’s new Cyber Governance Code of Practice go far enough?
The government’s new ‘code of practice’ will set the standard for cyber security education among UK business leaders, but is it really effective without the right technology?
The potential benefits of Britain’s rapidly growing cyber landscape are enormous, unlocking new opportunities and ways of working while creating new jobs to grow every sector of the UK economy. However, this also means that the risks associated with the growing digital economy must be addressed with practical measures.
Following government research showing that almost one in three businesses have suffered a cyber breach or attack in the past year, including one where the NHS 111 service was taken offline, the government has introduced the proposed Cyber Governance Code of Practice, which, when met, will allow organizations to obtain the “Cyber Essentials Certificate” demonstrating they have cybersecurity controls in place.
The code sets out the key actions that senior management (board level and above) must take to strengthen their cyber resilience so that they can take full advantage of digital technologies that can fuel innovation and drive competitiveness in an increasingly hybrid world.
The UK Government’s recent introduction of the Code of Practice is a step in the right direction for all organizations to tackle cyber risks, but to safeguard the UK’s reputation as a cyber power and protect our economy, the Code must provide guidance on how organizations can improve network security.
An example of the Code of Practice’s failure to successfully protect UK organizations from cyber attacks is the hybrid work revolution. Hybrid and remote work models have brought greater employee flexibility and uninterrupted productivity to organizations, but cybersecurity becomes more complex when a company deals with a distributed workforce.
Head of Sales, HPE Aruba Networking UK and Ireland.
Implementing an edge-to-cloud approach
In the past, companies hosted the majority of their applications and services in their on-premises data centers and adopted a “castle-and-moat” security model in which no one outside the network can access the data inside, but everyone inside the network can. While this security model can use technology such as firewalls to protect against outside attacks, it is not effective at stopping internal attacks and data breaches. Today, organizations are embracing a cloud-first approach that requires a much more advanced network architecture to maintain a secure and effective experience.
As most applications have migrated to cloud computing models, companies now have the opportunity to reduce latency with a distributed security model. By deploying cloud-based technologies, such as an advanced Software-Defined Wide Area Network (SD-WAN) and Security Service Edge (SSE) solution, IT teams are able to simultaneously secure the corporate network and improve the end-user experience.
If such technology is available, traffic generated by hybrid employees can be sent to a cloud-delivered security service that enforces access policies and delivers smooth connectivity.
Implementing an integrated network security framework
Workplace technologies (and the strategies that govern them, such as the Cyber Governance Code of Practice) must continually keep pace with the demands of hybrid work and the ever-evolving threat landscape. While the code addresses senior management’s need for a more holistic understanding and approach to cybersecurity, it does not take into account the technology required to enable this.
That’s why Secure Access Service Edge (SASE), a combination of the two “technology sets” – SD-WAN and SSE – that include core security principles like Zero Trust, must become a central part of a modern organization’s IT security strategy. SASE takes a Zero Trust (never trust, always authenticate) approach to access rights and user identity security, even when users access cloud-based applications remotely and not directly through the corporate network.
By deploying a Zero Trust-based SASE framework, the organization is well-positioned to streamline its security operations in a way that also enables the ‘work from anywhere’ trend by reducing cyber breaches.
Pushing the boundaries of secure in-office experiences
Managing security from a single point of visibility and control, whether you are on the corporate network (via a wired, wireless, or WAN connection) or accessing it remotely, is also important.
Hybrid workgroups in home offices and remote locations have put enormous pressure on IT teams, who now need to secure a wider range of connected devices than ever before. Without unified security policies, IT teams must manually collect data from multiple, disparate tools, which is complex and takes much longer.
As such, organizations must embrace technologies that can address fragmented network operations while uniformly applying Zero Trust policies with architectures such as SASE. Enabling stronger, more secure control over application access and easier centralized management through a single cloud-native control point makes it easier for senior management to gain a holistic view and easy insight into their organization’s security.
By striking a balance between strong security, location flexibility and employee accountability, as outlined in the code when dealing with application access, organizations can ensure employee experience and future innovation without increasing their vulnerability to cyber-attacks.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro