IoT, cloud computing, and nation-state threats redefine enterprise security
Companies need to worry about securing hardware that's connected to the Web as well as Windows, said one speaker
IDG News Service - A printer that connects to the Web may pose as great a risk to enterprise security as an OS vulnerability, yet companies worry about the latter and too often ignore the former, said a CTO during a discussion at MIT.
With more devices gaining Web connectivity as part of the Internet of Things movement, hackers have greater opportunities to exploit weaknesses, said Patrick Gilmore, CTO of data-center and telecommunications service provider the Markley Group. The people who write software for printers may not be worried about security, he said.
"No one talks about what if your printer is hacked and every document your CEO printed is posted to a blog," he said.
The session, part of the Massachusetts Institute of Technology Sloan CIO Symposium Wednesday, covered a range of security issues, including cloud computing, emerging threats and data security.
Companies using cloud services should review what conditions would allow a provider to cut off a customer's service, said Rob May, CEO and co-founder of Backupify, which backs up data stored in cloud applications to a separate cloud system.
"You have a responsibility to protect your data. You can't outsource all your security to a cloud vendor," he said.
A Backupify customer that uses Gmail approached the company about securing its data if Google terminated its email account, May said. The customer works in a controversial business, he said, and presented a scenario in which Google would drop the business as a client after people protested the company's service providers. The company asked Backupify how quickly it could migrate its email data to Microsoft Outlook if such a situation occurred, May said.
Cloud customers need to ask better questions when considering Web services, Gilmore said.
Instead of inquiring about a cloud provider's physical and technical security measures, customers ask about pricing and backup procedures, he said. Physical plans are especially important, he said, since cloud data is ultimately stored in hardware and some vendors throw out hard drives instead of destroying them.
The challenge for security teams is in balancing the need to share data to achieve corporate goals while maintaining security procedures, said Mark Morrison, senior vice president and chief information security officer at financial service firm State Street Corporation.
State Street is moving risk management security to counteract emerging threats, Morrison said. Security is no longer "if we do these five things we are somehow magically secure," he said, adding that companies can no longer simply follow a checklist that includes basic security measures like establishing a firewall.
"You've got to realize prevention isn't going to be your sole protection anymore," he said.
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- Platfora Big Data Analytics for Network Security Platfora amplifies the effectiveness of network security analysis, providing Big Data Analytics capability to augment existing security infrastructure for known threats, and advanced...
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- Capabilities You Need in an IP Address Management Solution A mismanaged IP space can cripple an otherwise healthy network. Take a moment to understand what you need in an enterprise-ready IPAM solution.
- Accelerate your innovation with IBM Bluemix™ Join us for a webcast introducing the new IBM BluemixTM. IBM Bluemix (www.bluemix.net) is a developer oriented Platform as a Service (PaaS) environment...
- Maximizing Availability for the Modern Data Center Check out this information-packed resource center for help in maximizing the availability of your data center - from overcoming challenges to choosing the... All Cyberwarfare White Papers | Webcasts