How do you secure a constantly changing IT landscape?

Posted on 06/02/2018
DISCLAIMER: this article is older than one year and may not be up to date with recent events or newly available information.

Security doesn’t work if all we’re doing is trying to keep pace with an ever-evolving landscape of threats and cyber-attacks – you’ll always be one step behind. Cybersecurity is a hot topic, not just in large enterprise and government organistions, but has now found its way to the kitchen table and is something we all have an opinion on. After all, bad cybersecurity habits affect us all.

My belief is that just simply reacting to new threats doesn’t work – but unfortunately this is how many organisations are currently operating. To counteract this, our approach is to architect security into our information technology systems from the start. Easier said than done – but with advanced technologies and new capabilities, provided by cloud and mobile computing, this is now not only feasible but essential too.

In 2016 there were over 4,000 ransomware attacks every single day, and that’s without mentioning the devastating effects of breaches like WannaCry where even hospitals were blocked from accessing essential data like patient records. Of course, in reaction, cybersecurity spend has risen (in 2017 we spent over $86.4 billion) and organisations are adding layers of security over their systems.

But the elephant in the room that is still leaving us vulnerable to attack is mindset. Outdated systems, no matter how many layers of bubble wrap we blanket them in, are still outdated. With breaches occurring at an alarming rate, and on such large scales too, it’s time for organisations to make sure they’re practicing basic cyber hygiene and protecting their crown jewels – mission critical business applications and data.

What is cyber hygiene?
In short, the simple principles every organisation with an IT system needs to be aware of, and implementing, on a day-to-day basis.

VMware breaks these down into five core principles. These aren’t new ideas, but sometimes they’re forgotten, and protocols aren’t always updated to keep your cyber armour ‘chink-free’.

The Core Principles

1. Least Privilege
Just because you trust everyone in your business doesn’t mean that your receptionist needs the same access levels as your CEO. Give users minimum necessary access, and leave your most valuable data vulnerable to far fewer breach points. You wouldn’t give a hotel guest a key for every room in the hotel.

2.  Micro Segmentation
We don’t use drawbridges and castle walls anymore for a reason – they give a false sense of security and encourage lax approaches to security within the walls. Once your attacker infiltrates your outer-defence the threat’s inside and there’s nowhere to hide. Breaking down your network into layers and self-contained areas keeps the entire system protected, and ensures your access points aren’t left vulnerable to attack. Don’t neglect your perimeter, but don’t rely on this alone.

3. Encryption
Think of encryption as the last weapon in your arsenal against hackers – except with cyber security it keeps you ahead of the game. If all else fails and your firewalls and access protocols are breached, encryption means that all the critical data you have stored is useless to them. Like a Rubix cube, if you don’t know how to decode it and put it back together, encrypted data is a difficult puzzle to crack. Basic cyber hygiene means encrypting your files and data before sharing.  The same applies to encrypting network traffic wherever possible.

4. Multi-factor authentication
From thumb-print ID to facial recognition, security is becoming personal. But even implementing basic two-factor authentication stops the first wave of breaches. And, the more personal we get with authentication, the more secure our networks will be. After all, your thumbprint is much more difficult to steal than your pin code!

5. Patching
Systems require updates for a reason. Every time malware gets more advanced your service providers respond with system and software updates. Don’t remain in the past. Upgrade and update to stay ahead of your attacker’s game.

Understanding these principles is one thing – but implementing them is critical. Everyone in your organisation should understand why cyber hygiene is critical, but more importantly, your IT managers and business decision makers need to understand how to implement these principles.

Just like brushing your teeth or washing your hands, good cyber hygiene habits protect everyone.

Get to grips with VMware’s cyber hygiene manifesto and learn how to protect your organisation in “Core Principles of Cyber Hygiene in A World of Cloud and Mobility”.


Learn how our customers deploy micro-segmentation quickly and easily. Watch our webinar Context-Aware Micro-Segmentation with NSX Data Center.


By Joe Baguley

Category: Business, Virtualization

Tags: , , , ,

Related Articles

Posted on 23/10/2017 by blogsadmin

Video: Partner Perspectives from VMworld

After another successful VMworld Europe, VMware’s Jean Philippe Barleaza, EMEA VP Channel, Alliances and General Business and Kirsten Cox, VP Marketing, EMEA reflect on some of the announcements and what they mean for our partner community A month on from our most successful VMworld yet, we sat down with Jean Philippe Barleaza and Kirsten Cox […]

1 minute read
Posted on 02/08/2018 by vmwareemeasmt

Execution, not innovation is holding organisations back

A recent report we published, written by Cass Business School highlighted the challenge many of us face: that the inability to turn ideas into new products, services and strategies, at the pace required, is putting organisations at risk of failure. The report, entitled Innovating in the Exponential Economy, explores the gap between where ideas originate and how they […]

2 minute read
Posted on 26/09/2018 by vmwareemeasmt

Unlock the Digital Workplace of the Future at VMworld 2018 Europe

Register today for VMworld 2018 Europe in Barcelona, 5-8 November. ## Digitisation, changing employee demographics and ever-increasing expectations are all having a major impact on enterprises and their plans for growth. New entrants are not only disrupting established businesses’ revenue streams; they’re also poaching talent, offering exceptional experiences that other organisations are forced to match. What’s […]

3 minute read


No comments yet

Add a comment

Your email address will not be published.


This site uses cookies to improve the user experience. By using this site you agree to the privacy policy