Information Security is an Enterprise-Wide Risk Management Issue

As technologies become smarter and more connected, the threat surface that we all must defend is expanding at an unprecedented speed. Cybersecurity is absolutely a top priority in boardrooms across every industry. How do we strike the right balance between security and the needs of the business? Safeguarding our corporate assets, intellectual property, and computer systems requires an integrated approach to enterprise security. That starts with a security architecture we can trust to protect against, detect, and correct both traditional threats and Advanced Persistent Threats (APTs).

Security Capabilities

Getting the basics right is absolutely critical. Using a combination of technology, tools, and proven processes, we maintain a robust security perimeter that routinely defends against 99% of known threats. Consider that in 2015 Intel’s security infrastructure blocked 225 million malware events, logged over 13 billion security events per day, and applied 12.2 million system patches. On top of that, we patch web services, manage system access, filter email attachments, inspect documents going to and from the cloud, and continually update anti-virus software. It’s only when the basics are effectively handled day in and day out that we can actively focus our resources on the remaining 1% of sophisticated, and always evolving, targeted threats. We proactively hunt for APTs using new technologies, processes, and skill-sets to expand our capabilities and stay ahead of these complex, well-hidden threats.

But, cybersecurity is an enterprise-wide risk management issue. It takes people working together across functional lines to define our security strategy in line with the goals of the business. Embedding cybersecurity knowledge and diligence in our culture is a foundational effort as we operationalize the roles of stakeholders across the organization. Do employees know their role in protecting data and critical assets, both their own and the organization’s? How are we evolving the way we engage and educate stakeholders? From employees to trusted external partners, we’re proactively navigating the ever-increasing threat landscape to optimize security.

That brings me back to the question of how to balance security of our critical assets while empowering the business to keep pace with market-leading innovation. Cloud computing delivers business productivity enhancements and opportunities for increased profitability, but we have to consider the unique challenges of securing the ever-evolving cloud. Software-as-a-Service (SaaS) applications are in high demand for the agility, efficiency, cost-savings, and collaboration they enable, especially with suppliers and customers. We support that demand by continually reevaluating SaaS providers and updating our access, data protection, and monitoring controls to protect our intellectual property—making it safe for the business to “go fast” when adopting new SaaS solutions.

What’s the roadmap for your information security strategy? Learn more about the three pillars of Intel’s information security strategy in the 2015-2016 Intel IT Annual Performance Report.