Building security into applications

One Canadian security expert believes the key to thwarting threats of all types lies in the organization’s ability to define the relationship among roles, identities and assets.

“Today, in the kind of architecture that we operate in…it’s very, very difficult to know where the boundaries of an organization are,” says Robert Garigue, vice-president for information integrity and chief security executive at Bell Canada.

The challenge, he says, is ensuring that the right people have access to the right information. And while perimeter defenses will always be part of the whole information security infrastructure, today’s information security battle is being fought at the application level, Garigue says.

“The point is really around building the application that understands the kind of information assets you’re going to manage and the types of role that will be required to transform those assets or access them,” he explains.

Information management means ensuring that the information you are managing has appropriate access controls, Garigue says.

Determining the types of control to enforce depends on the value of the assets versus the role of the user, says the Bell executive. For instance, one-factor authentication – such as a name and a password – may be sufficient for certain types of low-risk access. But for high-value data, such as those that relate to privacy issues, it is always prudent to put in more access restrictions, he explains.

“Insider threats occur when you have that misalignment,” Garigue says. “The information management community…should recognize that some [types of] content are more toxic than others.”

Garigue says the first line of defence is still employee awareness, because internal breaches are not limited to malicious attacks perpetrated by a company insider. Social engineering tactics that trick an employee into divulging confidential information to an outsider can be another form of insider threat, says Garigue.

“[Employees must be aware] of the kinds of programs that they use and understand the value of the information that they are held accountable for,” he says.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now