These numbers aren’t meant to scare you. I’ve brought them to light so that you understand why your CIO keeps knocking on your door to talk about data protection— these days, that is the name of the game in security. Executives today must recognize that security is no longer about fortifying the network, it’s about protecting the data. We’ve already established that the crooks aren’t looking to simply break your network. They want to get their grubby little hands on your data.
Executives today must recognize that security is no longer about fortifying the network, it’s about protecting the data.
These bad guys are no dummies—they know how to exploit holes in the network and how to take advantage of offline systems and endpoints in order to gain future access to your data stores. If the endpoints and the data are protected, it becomes a lot harder for the criminals to steal information.
Your technology leaders must be able to satisfy the needs of your staff and partners to access appropriate data while maintaining appropriate control and monitoring of that information to ensure it remains safe. In the end, organizations need to make sure they’re not giving away too much free access at the expense of the company’s well being.
wHAT I wISH my CEO KNEw AbOuT SECurITy…
“For me, it’s got to be the application level security and code-security. In our company and a lot of companies, security is still seen as an IT process, you do some IT things, development does their things. Making the argument that code security, revision control are so absolutely important that often times they can be the invalidation of all the controls that I’ve put around things.
If someone screws up and makes a code error, it’s now dumping your databases to the Internet. So, that’s going to become one of the next hot items – database and web application security in multiple ways. Getting some kind of insight into your code’s security is very important. It’s not being properly communicated by anyone at this point. Mostly because people don’t have a hard grasp of the application threat landscape. There are a few people who understand it, and to my knowledge, they work for their own companies. They’re independent contractors. They’re not convincing CEOs that that’s important. A lot of the other people out there just haven’t gotten it yet.”
William Bell, Director of Security for ECSuite.com