Given the amount of sensitive and regulated data stored in corporate databases, one would assume that database security is strong, well-understood, and adequately funded. Unfortunately, none of these assumptions are true. Database security remains challenging in terms of the IT organization, security technology, and financials. While database security issues often do not receive adequate attention, they represent a security “elephant in the room,” creating an unacceptable level of security risk for many large organizations.
Over the past few years, IT consolidation has reached a fever pitch with most organizations moving as many IT assets as possible from remote locations and small data centers into more cost-effective optimized corporate facilities. The applications and data in these centralized sites, however, are still accessible to remote/branch offices at the other end of the wire. Inadequately managed remote PCs combined with poorly trained workers at these locations creates a vulnerable population that could be an easy entry point for cyber criminals and advanced persistent threat (APT) attacks.
Too many people talk about IT consumerization as if it were an emerging trend. As ESG research clearly indicates, IT consumerization is well on its way with massive proliferation of consumer devices like smartphones and tablet computers. This trend has serious and immediate implications for IT risk management. CISOs can’t delay; they need detailed security strategies for IT consumerization that include executive buy-in, acceptable use policies, mobile device management, security controls, and pervasive monitoring oversight.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant with cybersecurity issues, legislation, and technology within the U.S. federal government.
© 2015 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188