The Evolving Enterprise Threat Environment

This won’t work anymore

The second interview for IDG on Monday, September 12, featured Andrzej Kawalec, HP‘s CTO of Enterprise Security along with Bob Gourley. The two first discussed changes in the enterprise threat environment, which have been dramatic.

They agreed on three major emerging challenges in enterprise cybersecurity. The first is simply the nature of the threat, which is growing more sophisticated, faster, and more targeted over time. Phishing, for example, gives way to Spear phishing where the impostor emails are designed to look like they came from colleagues, offer a malicious link tailored to the target, and may have company letterheads and logos. Threats to enterprise are growing more serious because, as Bob noted, the money is with the enterprises and the threats follow.

The second emerging challenge is the consumerization of IT. Employees no longer do all their work on a (hopefully) secured company workstation. Instead, they are flipping through presentations on their personal tablets and checking emails on their smartphones. While on one hand, this is great as it allows users to stick with the devices they prefer and are comfortable with, and encourages them to work wherever and whenever is convenient, it also means that hardening single data endpoints is no longer enough, as an enterprise can’t know what device its employees will be working on. Already, a recent survey of IT managers reveals that employees use personal devices for work in almost 90% of companies, and that most do not have the tools to manage them.

Lastly, the cloud is changing how IT is delivered. Software-as-a-Service, Platform-as-a-Service, and Infrastructure-as-a-Service are reinventing how we consume and interact with IT. Again, cloud computing has brought many benefits, but also its share of challenges as CTOs, CIO, and CISOs adjust and make their security work for a new paradigm.

Adapting to this threat environment requires a risk management approach. As Kawalec noted, enterprises must plan to fail and expect to be under attack not just from malware or malicious code in general, but also internal threats, the quintessential example being Bradley Manning and all the anonymous contributors to WikiLeaks. This complicates security not only because social engineering and trusted users can get around any current technical solution, but also because their motivations tend to be different from traditional criminal hackers. If enterprises assume that their networks are already compromised, they need to protect them with a remediation approach. An example would be Triumfant’s Configuration and Change Management Tool, which effectively scans networks for anomalies before users even notice that something is wrong, and then reduces infection turnaround time from days to minutes as it implements solutions at the click of a button then fills on gaps from healthy computers if important file systems have been deleted.

Still, even with products emerging to help enterprises “plan to fail” at perfect internet security, dealing with a shifting IT paradigm and threat environment takes a different kind of CIO. Today’s CIOs and CISOs need to understand architecture, vision, and design, to see the system on both macro and micro levels to reduce security silos and provide robust solutions for a changing world.