Security Manager's Journal: Security that doesn't get in the way
The RSA conference and Disneyland both demonstrate ways that it can be done
Computerworld - I was on the road last week, attending the RSA security conference in San Francisco, which is a great place to run into colleagues. Afterwards, I visited Disneyland, which, despite being in the same state, is surprisingly far away. What do these places have in common? Security.
At the RSA conference, I saw a lot of people I know, which made me realize how much the information security field has grown and matured. In years past, you might occasionally run across a colleague, but it was a notable experience worthy of mention and remembrance. Now, it seems as if almost everybody goes, with all of them using Facebook, Twitter and Skype as the collaboration tools of choice. I caught up with people I hadn't seen in years (and didn't really expect to see again, in some cases) with practically no difficulty. Instant messaging kept me in touch with people over great distances despite the challenges of travel. What this means to me is that technology can really make life easier, and the world smaller.
In the old days, securing our data often meant sacrificing some measure of functionality. Skype and other instant messaging services were forbidden in the company because their peer-to-peer capabilities could lead to inadvertent or intentional information leakage, and various mobile applications were great sources of concern for a security manager. Now that I have implemented real security for mobile devices, I can support this business enabler and protect my company's intellectual property at the same time. I can rest easy (in a relative way) while enjoying the advantages of mobility.
At the RSA conference, I saw many examples of new security technologies designed to make life easier and safer. To me, that's what security should do. I believe that security doesn't have to get in the way of business, and some of the emerging technologies and concepts look like they will one day change the way we think about security controls. Instead of controlling data flow through a choke point, we can now look deep into the network packets to see what's inside, and react accordingly, diverting data, blocking malicious or unapproved content, or even scrubbing out and redacting confidential content. New tools allow us to perform forensic analysis to find hidden or deleted activities on our data devices, even if people or programs try to cover their tracks, without needing to know much about the underlying protocols. And new ways of thinking about, analyzing and modeling threats will soon help us target our countermeasures on the areas of greatest risk.
Disneyland has always struck me as providing a great example of my own philosophy of low-impact, high-effect security. With the use of extensive (but unobtrusive) surveillance, employee vigilance and awareness, and preparedness, Disney provides a safe environment for its customers without annoyance. I had an opportunity to attend a presentation by Disney's CSO at another RSA show a number of years ago, where he spoke about Disney's security awareness program. It was remarkably advanced, and it's still one of the best I've seen. And here at the park, my practiced eye can detect the presence of trained security staff everywhere, and I know the regular employees are also well trained and security-conscious, but they aren't getting in the way of visitors. From my point of view, they are doing it right.
This week's journal is written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons. Contact him at firstname.lastname@example.org.
To join in the discussions about security, go to blogs.computerworld.com/security.
More by J.F. Rice
- Security Manager's Journal: Trapped: Building access controls go kablooey
- Security Manager's Journal: We manage our threats, but what about our vendors?
- Security Manager's Journal: With Heartbleed, suddenly the world is paying attention to security
- Security Manager's Journal: A rush to XP's end of life
- Security Manager's Journal: Security flaw shakes faith in Apple mobile devices
- Security Manager's Journal: Cyberattacks just got personal
- Security Manager's Journal: Target breach unleashes fresh scams
- Security Manager's Journal: Giving thanks for SIEM
- Security Manager's Journal: Hashing out secure applications
- Security Manager's Journal: Why the shutdown is like the cloud
Read more about Security in Computerworld's Security Topic Center.
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!