This week, I served as a panelist for New England Israel Business Council’s session “Israel Cyber Security Showcase: Answering Tomorrow’s Security Challenges.” The panel was comprised of a range of security officers, including Akamai’s CSO Andy Ellis, Brigham & Women’s Hospital’s Information Security Officer Kevin Littlefield, Transmit Security’s President & Co-Founder Rakesh Loonkar, State Street’s SVP and CISO Mark Morrison, and myself.
Discussion centered around the security opportunities and challenges associated with the future of computing. Here are my observations from the session.
1) The Forecast: Cloud
There was a clear consensus amongst the security professionals present that, even with recent data leaks, the cloud is not slowing down. No surprise here. Users are not going to turn off their iPhones just because there is a chance of data leakage. Nor will they stop leveraging SaaS applications to enhance productivity and collaboration at work. Similarly, enterprises are not going to shy away from the cloud or ignore the many benefits it has to offer.
We don’t have to go too far back to reach a point where people were skeptical of the cloud, writing it off a fad of sorts, or that it wouldn’t work. The Cloud is here to stay, and that means we must consider its nature and implications when developing and implementing security strategies.
2) CISOs Are Changing Their Approach
The modern CISO views security as a business enabler, allowing their enterprise to progress towards faster and more efficient operations while also mitigating data exploitation risk. Today’s security officers understand cloud infrastructure providers do a better job running secure infrastructure than their internal team can. However, there is more to security than platform-level safeguards.
With the shift to the cloud, CISOs are moving from a reactive, regulatory security approach to a proactive strategy around risk management. When security policy is based solely on regulations, organizations find themselves one step behind the threats.
To align with the current tectonic shifts in business – while maintaining security – CISOs need to be a couple steps ahead. One of the biggest challenges is aggregating security data in an actionable way and avoiding being inundated with noise.
To do so, CISOs are finding creative and intelligent ways to identify and keep an eye only on the data that matters. With no shortage of information feeds and incidents to account for, finding the proverbial needle in the haystack – or, as one of the panel members put it – the needle within the needles, is difficult. Intelligent and behavioral security is on CISOs’ minds these days.
3) Users are People, Too
An increasing number of CISOs no longer perceive their users as an enemy or threat, but rather partners to work with to establish long term security success. With the explosion of data and increase of access points into a domain, users possess a great deal of power to either introduce or prevent security risk.
Successful CISOs teach users what it means to think like a security officer. Educated and empowered users make the right data security decisions. Establishing the idea that security is the shared responsibility of everyone in the organization collectively instills a sense of responsibility in users.
4) Israel and Cybersecurity: Two Halves of a Whole
Many venture capitalists, particularly Boston-based VCs, invest in cybersecurity companies with ties to Israel, with successful examples such as Guardium and Trusteer. Many wonder why venture capitalists’ interest in Israeli security companies is so high.
Security is built into the very fabric of Israeli society. In fact, in Israeli public high schools, students can take matriculation exams and earn credits for cybersecurity. The high level of investment the country makes in cybersecurity permeates throughout the national culture. As a hotbed of cybersecurity, Israel is consistently on the forefront of educational efforts around the space.
5) Boston is a Security Town
There is a rich history of successful startups and acquisitions with roots in Boston – and for good reason. With a great talent pool drawing from some of the leading technology and business schools in the world, it’s no surprise Boston is one of the top technology and cybersecurity hubs in the nation.
A Bit About Us
At CloudLock, we’re working to accelerate cloud adoption and protect data in the cloud, not from it through a people-centric approach to security.
Last night, we were amongst good company at the 2014 MassTLC Leadership Awards Gala award ceremony and were honored to take home the award for Innovative Technology of the Year in the Security category.
Ready for more?
In our CISO’s Guide to Cloud Security eBook, you will:
- Learn the characteristics and priorities of today’s forward-thinking security leaders
- Obtain actionable guidelines to initialize and execute an effective cloud security program
- Be empowered to bring it all to life with a formula to measure the impact of security efforts in every organization