A preview of our upcoming research on next-generation endpoint security

Just a quick blog today to plug a video that Jon Oltsik and I recorded recently to preview upcoming ESG research on next-generation endpoint security. If the topic sounds familiar, it should — Jon's going to be speaking about that research during his session at the RSA Conference in a few days.

Topics: Cybersecurity endpoint security next-generation cybersecurity

The Two Cornerstones of Next-generation Cybersecurity (Part 2)

In my last blog, I described a new next-generation cybersecurity mindset to address the lack of control associated with “shadow IT.” As IT loses control of some of its traditional assets, my suggestion to CISOs is to double-down on security controls and oversight for the things they still own. In my humble opinion, there are two key areas to focus on: Sensitive data and identity. Everything else – applications, endpoints, networks, and servers – must kowtow to these two cornerstones and enforce specific data security and identity policies.

In Part 1 of my blog, I described how data security must become smarter about the sensitivity of the content and where it resides across enterprise and 3rd party networks. Aside from deeper data intelligence, however, we also need much deeper identity intelligence than the basic user name, password, and role descriptions we have today. This makes identity the other cornerstone of next-generation cybersecurity.

Topics: Information and Risk Management Security and Privacy next-generation cybersecurity

The Two Cornerstones of Next-Generation Cybersecurity (Part 1)

Every CISO I speak with tells a story fraught with common anxiety about the future of information security. As the world becomes more mobile, consumer-centric, and cloud-based, IT gets more distributed and complex while the IT department has less and less control. This presents a real conundrum for security professionals who’ve been trained to seize control and lock down as much as they can.

So what should CISOs do to address the “shadow IT” dilemma? As IT loses control of some of its traditional assets, my suggestion to CISOs is to double-down on security controls and oversight for the things they still own. In my humble opinion, there are two key areas to focus on: Sensitive data and identity. Everything else – applications, endpoints, networks, and servers – must kowtow to these two cornerstones and enforce specific data security and identity policies.

Topics: Data Management & Analytics Information and Risk Management Enterprise Software Security and Privacy cyber security next-generation cybersecurity applications identity