What Target, Heartbleed, and Snowden Can Teach Us about Enterprise Security

Managing the Changing IT Landscape: Enterprise Security Transformation

  
The past year has been an eventful one in terms of security. First there was the Target breach, impacting more than 70 million people and catching the attention of businesses and consumers alike. Then there was the complex Heartbleed vulnerability, which remains an ongoing threat. And these were just the ones that made headlines.

With the Gartner Security & Risk Management Summit taking place this week, these topics are sure to be on the agenda as the nation’s top security leaders weigh in on cybersecurity and infrastructure vulnerabilities. It is with this backdrop that we consider the question: How should the events of the past year change enterprise security?

The Snowden factor

Beyond the impact of hackers and viruses, the role that people play in safeguarding data is certainly going to come up at the Gartner summit. We just passed the one-year anniversary of the Edward Snowden revelations of mass surveillance by the National Security Agency, which have expanded the discussion to include personal privacy, mass surveillance, and government monitoring.

In the post-Snowden era, data privacy has been brought to the forefront of public awareness. Blogger Stephen Cobb reinforces this in a recent We Live Security blog post: “Frankly, the increase in general public awareness of, and interest in, a whole raft of security and privacy related issues over the last 12 months has been staggering.”

So was it a bad year for security?

It was a tough year for security professionals, but I don’t think it was a “bad” year. If we tried to ignore the causes and issues surrounding these events, we’d be in a bad spot. Instead, the industry is moving forward with the right conversations, level of innovation, and partnerships to solve the problem and address the risks, together. The solution lies between IT and business leaders, with technology innovation as a key tool.

I think these events have accelerated the critical discussions necessary to improve data encryption, prevent the spread of malicious code, and establish better policies required to protect information and individual privacy. A recent blog from IT Business Edge focused on how this eventful year changed endpoint security, with survey results from a company named Avecto. Here are some findings from 500 security professionals:

  • The majority of companies are beginning to rethink their security strategies.
  • 84% believe network security will finally reach the boardroom due to increased scrutiny.
  • 39% said the Target breach had the most impact on their security practices.

Andrew Avanessian of Avecto articulates an expanding landscape for innovation and change: “Securing the endpoint isn’t simply about installing antivirus software anymore. It is essential to couple traditional preventative perimeter security such as antivirus and firewalls with the proactive strategies of app whitelisting, privilege management, and patching.”

Security transformation resources from Intel

The approach Andrew advocates for is similar to the type of innovation Intel’s IT and security team began back in 2011. Intel Chief Information Security Officer Malcolm Harkins discusses security redesign in the face of a changing environment where “compromise is inevitable.”

If you are interested in the details behind Malcolm’s video, check out the white paper “Rethinking Information Security to Improve Business Agility” or listen to this Inside IT podcast.

Intel cybersecurity expert Matt Rosenquist says business executives are listening but may not be doing enough. In his recent blog, Matt offers four recommendations for addressing security investments and four ways to evaluate those investments to maximize ROI and business value.

Finally, the Intel® IT Center has some great resources on hardware-based security for business devices, as well as information about cloud-based security protection to ensure that your service delivery infrastructure remains more resilient to attack.

How have the events of the past year changed your thinking or approach to enterprise security?


Chris Peters
