The concept of user-centered IT isn’t exclusive to the CIO; the CISO should be focusing on it too. As security has evolved with technology, threats have shifted and grown at an even greater rate. Initially, it was us vs. them. Safeguard everything inside the castle and fend off all the invaders trying to scale the walls. But times have changed.
Today some of the greatest threats lie inside the castle walls. Any CISO will tell you that the greatest vulnerabilities often revolve around users. And as the barrier to entry has fallen, the potential for disaster has skyrocketed.
The key is empowerment — enable your users to be smart and secure.
User Knowledge is Power for Your Enterprise
Clearly, the business must focus on using encryption to secure devices, particularly at the file level. Malware protection is also essential so that experimentation does not result in a widespread infection or serious hack. Beyond that, changing paradigms mean that businesses must refocus on user security. This requires a joined-up approach, in which users are educated about the potential complications of using Bring Your Own Device (BYOD) or Bring Your Own Cloud (BYOC), and understand the need to manage devices correctly, in line with business policy.
The convergence of social, mobile, analytics, and cloud has significant implications for end users, and promoting internal awareness can build a proactive security culture where it means the most.
Intel IT’s Security Approach: Protect to Enable
When Intel IT began focusing on the “three C’s” — cloud, collaboration, and choice — they had to confront the security concerns inherent to each initiative. So they developed a three-pronged strategy called “Protect to Enable.”
- Identity and Access Management (IdAM): “We are currently building a new foundational infrastructure that will support a more holistic identity and access strategy. Instead of multiple tools and policies, we will have a single IdAM hub through which all of our applications flow.”
- Cyber Security Center: “[T]he command post for threat prevention, detection, and response. The Cyber Security Center is responsible for analyzing events in our environment, identifying security issues, and initiating a response.”
- Security and Privacy by Design (PbD): “We are driving our risk mitigation philosophy and privacy principles upstream into our application and service development. By working with our design teams to build greater security and risk awareness into our applications, we can move the needle from reactive to proactive, develop stronger products, and deliver a better user experience. To integrate privacy into our applications and services, we are focused on applying the principles of PbD. These principles help guide our development teams on privacy considerations at each phase of a product’s or service’s lifecycle. In essence, we want the latest security intelligence, criterion, and privacy principles built into our applications and services, not bolted on.”
We’re closing in on 2015; what will your security strategy entail in the new year?