The government's new 'code of practice' will set the standard for cybersecurity education among business leaders across the UK, but is it really effective without the right technology?
The potential benefits of the UK's rapidly growing cyber landscape are enormous, opening up new opportunities and ways of working while creating new jobs to grow all sectors of the UK economy. However, this also means that the risks associated with the growth of an increasingly digital economy must be addressed with practical actions.
Following government research indicating that almost one in three businesses have suffered a breach or cyber attack over the past year, including one that knocked out the NHS 111 service, the government has proposed the Cyber Governance Code of Practice which, when met, allows organizations to obtain the “Cyber Essentials certificate” that demonstrates that they have cybersecurity controls in place.
The code sets out key actions that senior management (at director level and above) must take to strengthen their cyber resilience and make the most of digital technologies that can drive innovation and boost competitiveness in an increasingly hybrid world.
The recent introduction of the Code of Practice by the UK Government is a step in the right direction for all organizations to address cyber risk, but to secure the UK's credentials as a cyber power and protect our economy, the code must provide guidance on how organizations can improve network security.
An example of how the Code of Practice fails to successfully protect organizations in the UK against cyber attacks is the hybrid working revolution. Hybrid and remote work models have brought greater flexibility to employees and uninterrupted productivity to organizations, but cybersecurity becomes more complex when a company faces a dispersed workforce.
Head of Sales, HPE Aruba Networking UK and Ireland.
Implement an edge-to-cloud approach
In the past, companies hosted most of their applications and services in their on-premises data centers and applied a “castle and moat” security model in which no one outside the network could access data on the inside, but everyone inside the network could. Although this security model may employ technology such as firewalls to protect against external attacks, it is not effective in stopping internal attacks and data breaches. Today, organizations are taking a cloud-first approach that requires much more sophisticated network architecture to maintain a secure and efficient experience.
Since most applications have migrated to cloud computing models, enterprises now have the opportunity to reduce latency with a distributed security model. By implementing cloud-based technologies, such as an advanced software-defined wide area network (SD-WAN) solution and Security Service Edge (SSE), IT teams can simultaneously protect the corporate network and improve the end-user experience.
With such technology in place, traffic generated by hybrid work employees can be sent to a cloud-based security service that enforces access policies and offers seamless connectivity.
Implementation of an integrated network security framework
Workplace technologies (and the strategies that govern them, such as the Cyber Governance Code of Practice) must keep up with the demands of hybrid work and the ever-evolving threat landscape. While the code addresses senior management's need for a more holistic understanding and approach to cybersecurity, it does not consider the technology needed to enable this.
That's why secure access service edge (SASE), a combination of two “technology stacks” (SD-WAN and SSE) that encompass core security principles like Zero Trust, must become a core part of a modern organization's IT security strategy. SASE takes a Zero Trust (never trust, always verify) approach to access privileges and user identity security, and applies it even if users access cloud-based applications remotely and not directly through the corporate network.
By implementing a SASE framework based on Zero Trust, the organization is well positioned to optimize its security operations in a way that also enables the “work from anywhere” trend by reducing cyber breaches.
Pushing the boundaries of safe “office experiences”
It's also important to manage security from a single point of visibility and control, whether you're on the corporate network (via a wired, wireless, or wide area network (WAN) connection) or accessing it remotely.
Hybrid workgroups in home offices and remote locations have put immense pressure on IT teams, who must now protect a wider range of connected devices than ever before. Without unified security policies, IT teams are forced to manually collect data from several different tools, which is complex and time-consuming.
As such, organizations must adopt technologies that can address fragmented network operations while consistently applying Zero Trust policies with architectures like SASE. Enabling stronger, more secure application access monitoring and easier centralized management through a single, cloud-native point of control makes it easier for senior management to have a holistic view and easy understanding of their organization's security.
By striking a balance between strong security, location flexibility, and the employee accountability laid out in the code when it comes to application access, organizations can ensure that employee experience and future innovation do not increase their vulnerability to cyber attacks.
This article was produced as part of TechRadarPro's Expert Insights channel, where we feature the best and brightest minds in today's tech industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.