Two factors obstruct enterprise security
In his experience, two factors in particular obstruct security best practices: One is compartmentalizing the fundamental disciplines of threat detection and prevention on one side, and infrastructure design and management on the other, while not recognizing that the two are two sides of the same coin, and heavily interdependent. Another is that the IT security industry – the vendors, the analysts, the testers – are inordinately focused on comparing features and functions, declaring winners and losers in a number of specific disciplines.
“And the thing is that when security breaches happen, and an organization is hung out to dry in the media, it’s rarely because of flaws in specific security products. It is usually because the security basics weren’t adequately covered in day-to-day systems management or addressed in processes and procedures,” states Henrik Lei, and explains that the journey towards covering your bases starts with having all assets identified and prioritized. This requires a very different approach to what most organizations employ today: It requires clear visibility to assets, users and systems. Which in turn is dependent not only on close collaboration between operations and security professionals. It also relies on close integration between technologies and well-thought-out user experiences, that work to facilitate rather than hinder performance and security as one joint discipline.
“The result of this traditional approach to security is often insecurity. Organizations, who seek to secure their infrastructure, need to take a few steps back and forget what they think we know about how to protect their data, their business, and their people: It is not about buying this antivirus product over that antivirus product. And it’s not about locking endpoint and server management in an iron grip, to ensure that users aren’t able to wiggle, and make mistakes. It’s about knowing what you have, before you can decide what to protect, and how – and nudging users to work with you” says Henrik Lei.
Transforming and exploring security and identity thinking
He has chosen to join CTGlobal precisely to be able to embrace that vision: As one of the leading Microsoft technology consultancies globally, with specialists who excel in endpoint management and cloud and data center solutions, CTGlobal provides ample opportunity to explore ways to bring security thinking to the next level – away from tools and functions, and towards fully harnessing the power that lies in merging and adopting the capabilities inherent in the people and the processes governing the technologies.
CTGlobal’s CEO Peter Odgaard-Jensen is thrilled to have Henrik Lei on board: “It is fantastic to have Henrik on the team. His vision, resourcefulness and broad and varied experience enables us to develop our security ideas on a larger, more ambitious scale, and bring our customers on a truly transformational security and identity journey. Security is very much at the forefront of our customers’ minds, and a source of particular concern when they embark on a cloud journey. To have a security profile like Henrik with us to help them, is very exciting,” says Peter Odgaard-Jensen.