An effective and continuous monitoring process to govern security policies and early detection can mitigate risks at large.
Tracking new technology trends and understanding associated risks that come with it is crucial for chief information security officers across the industry. However, adhering to best practices and leveraging innovation in this security space will help counter risks significantly.
How should CISOs protect his organisation's intellectual property--the crown jewels?
CISOs should do everything you can to protect your company’s intellectual property (IP) or ‘crown jewels’. Prior to this it is important to take stock of the various trends impacting the security of an enterprise. They include:
Adoption of Cloud Services
Cloud services are being initiated by IT departments; SLAs are being signed by IT departments in enterprises without the corporate IT department being fully aware of the criteria, cost and consequences as well as other inherent service or security components. The concept of perimeter security is no longer sufficient. Hence, it is important for CISOs to move away from a perimeter wall approach to more of an individual body armor mindset and adopt new trends. Assume that people are already inside your wall, and that now your focus must be on full body armor protection.
However, skepticism still prevails around cloud providers with regard to ensuring complete security, which needs to be validated on a case by case basis.
Consumerisation of IT is here to stay as CIOs and CISOs need to balance user convenience, corporate security and operational costs.
Social engineering practices are enabling anyone and everyone to leverage social sites; this made easy the IT helpdesk’s task in impersonating someone to get passwords reset or acquiring information about the network. It’s also easier to get inside companies. CISOs have to worry about everyone: guests, contractors, and employees.
Cyber espionage is posing a serious challenge to CSOs to protect corporate intellectual property, and even neighbouring nations or states get engaged in cyber espionage. These advanced persistent threats are very complicated and difficult to manage. This is a situation where technology capabilities have superseded treaties, laws, and penalties. While there are several solutions to combat the issue, the right answer is to narrow the gap through trade negotiations. In the tech world, we see CIOs/CISOs now boycotting technology providers with the reputation of profiting from intellectual property theft. We as technology solutions providers take up the IP protection aspect seriously, and have evolved a very strong code of conduct for protecting our IP and not violating it, and help our customers protect their IP.
Best Security Practices for CSOs
Monitoring is becoming increasingly important; it cannot be overlooked. Besides, the key best ingredients would include:
- Classifying data
- Identifying your company’s crown jewels are and where they are located
- Educating your users that every employee is responsible for security
- Developing a culture of accountability across your organisation
- Creating a continuous monitoring process for policy governance function
- Ensuring your processes are up-to-date and relevant
Why CISOs need to Leverage Technological Innovations
Cloud is a double edged sword. While cloud opens up a lot of security issues, it also addresses several issues. It offers the opportunity to collaborate across multiple enterprises, as best protection mechanisms can be deployed. The security defense is shared amongst several companies; it is a very elegant way of solving this problem. Cloud gives CISOs the speed to deploy as well.
Consumerisation of IT is also giving CISOs ways to combat security. Take, for example, the mobile app store, where a mobile app developer must register and go through a vigorous certification process before selling his app. In this way, the type of malware and phone-home apps can be minimised.
Consumerisation has also introduced other security features at an end-user level: fingerprint, and voice and iris recognition.
Innovations in the area of mobile device management (MDM) and strong authentication are helping to improve security as well as end-user experience.
As the CTO, I recommend to our team to deploy a MDM that supports certificates based access, enabling an Easy Connect BYOD experience for both IT and end-users. Internally, we are leveraging this as well as our Junos Pulse and UAC products to deliver an easy to use, secure solution to end-users.
We are piloting big data analytics solutions to identify behavior anomalies to detect fraud. By combining this with identity and access management infrastructure, we will be in a position to identify bad actors potentially before fraud is committed.
As part of architecting our corporate network, we’ve integrated our own Juniper security products that offer next-generation security capabilities.
As we migrate to the cloud, our InfoSec team performs a risk assessment, works with the cloud provider to align with our security policy and standards including contract language. We take a ‘trust but verify’ approach including penetration testing and vulnerability scanning.
About the author:
Bask Iyer is Senior VP & CIO of Juniper Networks.