Dan Conde, on Apr 27, 2015
As the 2015 RSA Conference got underway this week, I attended a dinner hosted by Pacific Crest Securities. Our host began the dinner by asking former cyber czar Richard Clarke to say a few words.
Now this was a rather festive dinner as the cybersecurity industry is in the midst of a robust boom. Nevertheless, Clarke’s brief talk was a reminder of where we’ve been and the state of cybersecurity today.
In the past, cybersecurity was thought of as an IT problem where CISOs were given meager budgets and told to handle IT security with basic technical safeguards and a small staff of security administrators. Fast forward to 2014 and things have certainly changed now that business mucky-mucks read about data breaches in the Wall Street Journal on a daily basis.
Jon Oltsik, on Jun 13, 2014
Every CISO I speak with tells a story fraught with common anxiety about the future of information security. As the world becomes more mobile, consumer-centric, and cloud-based, IT gets more distributed and complex while the IT department has less and less control. This presents a real conundrum for security professionals who’ve been trained to seize control and lock down as much as they can.
So what should CISOs do to address the “shadow IT” dilemma? As IT loses control of some of its traditional assets, my suggestion to CISOs is to double-down on security controls and oversight for the things they still own. In my humble opinion, there are two key areas to focus on: Sensitive data and identity. Everything else – applications, endpoints, networks, and servers – must kowtow to these two cornerstones and enforce specific data security and identity policies.