Special Report: IT security's looming tipping point

Navigating the muddy waters of enterprise infosec

Information security finally has executives’ attention, but aligning with business needs is still challenging.

muddy waters
Ed Dunens (CC BY 2.0)

Executives at Booz Allen Hamilton learned the importance of information security the hard way in 2011, when the hacker group Anonymous claimed that it had penetrated one of Booz Allen’s servers, deleted 4GB of source code, and released a list of more than 90,000 military email addresses and encrypted passwords.

The breached server turned out to be a development environment containing test data, “but that didn’t really matter; it was a wakeup call,” says Michael Waters, director of information security at the consulting firm and government contractor. “It was a pretty unpleasant experience, but it did galvanize substantial investment — both capital and HR — in getting things done. The firm looked around and said, ‘We have been working on this, but we need to put more toward it.’”

Over the next year, Waters’ information security staff grew from 12 to 70 employees, budgets increased, and processes and governance improved significantly. But a security plan is never “finished,” and in 2013 Booz Allen received a second jolt — this time in the form of an insider threat — when recent hire Edward Snowden, working under contract to the NSA, leaked highly classified documents describing government surveillance programs.
