No Time to Think Differently – It’s Time to Move: Speed is Everything When It Comes to Security
Author(s): Stephen McCarney, Posted on April 10th, 2015
“The Chinese have penetrated every major corporation of any consequence in the United States and taken information,” said former NSA director Mike McConnell in a speech he delivered on March 13, according to an article in CNN Money, Ex-NSA director: China has hacked ‘every major corporation’ in U.S.
Fear and uncertainty continue to hang like a heavy cloud over practically every corporation wrangling with the threat of being the next victim exposed for a data breach. As chilling as McConnell’s statement is, it’s a wakeup call for companies to take action.
Therein lies the problem – action has not been swift and steady. Security infrastructures have been cobbled together for decades, creating a tremendously complex ecosystem of dependencies. There’s hesitation to make even the slightest change for fear that there could be downstream effects or unintended consequences resulting from an adjustment. To nudge organizations, regulatory compliance bodies are sharpening their teeth to levy more significant fines and penalties on those who do not comply and follow minimum security standards.
Events all over the world, such as RSA in North America, are encouraging organizations to challenge today’s security thinking. As important as it is to challenge security thinking, it is equally important to take action. While challenging today’s security thinking, there are two things to move on:
- Optimize existing security infrastructure. Change doesn’t necessarily need to translate to rip-and-replace. Much of what you likely have in place is not “bad” – it might simply need to be strengthened and improved. Sophisticated attacks have now become the average attacks. According to a Computerworld opinion piece by Ira Winkler, The ‘Sophisticated Attack’ Myth, “These attacks seem sophisticated only when you compare them to the unsophisticated security programs that fail to defend against them.” Ira goes on to say, “Once the attackers get a foothold in a system, they are able to penetrate generally insufficient systems and network security…” The key here is prevention. While there is no silver bullet when it comes to security, there are tools that are designed to complement existing security infrastructure and to help fortify the protection of critical systems, data, and intellectual property. In fact, with the right security tools, you can also reduce complexity and cost – additive security protection doesn’t need to weigh you down.
- Shift towards lightweight, flexible security. Whether it’s rapidly-evolving regulatory requirements, or critical business or mission pivots, your security protection should never be complacent – and neither should you. Moving towards a software-defined state will allow for more agile interconnectivity and responsiveness. According to an InfoSecIsland article, The Five Things CSOs Need to Know About Software-Defined Security, Carson Sweet shared, “Leading analysts, CIOs, and CSOs agree that adopting a Software-Defined Security (SDSec) architecture is necessary to ensure that security and compliance do not slow down the movement to cloud infrastructure, but rather complements and accelerates the value it delivers to the enterprise. Security and compliance management must evolve to succeed in these massively scalable, fast-moving environments.”
Speed is everything when it comes to security. While the saturated security market makes it challenging for organizations to confidently know what next steps to take and what truly innovative security technologies and tools to depend on, now is the time to choose your partners wisely – and move.