A central point for collection of information that relates to computer security, including, but not limited to, security advisories from the major vendors, major data breaches, “phishing” alerts, and commentary regarding staffing levels, etc.
Cyber Security Commentary
July 28, 2009 at 11:55 am #76635
Other than providing some amount of advertising for his employer, Mr. Dover brings to the blogosphere an issue that IMO SHOULD be somewhat widely discussed, whether it be discussed within private enterprise or the public sector.
Transforming Security from Obstacle to Business Enabler Tuesday,
Author: Colin Dover
When I joined McAfee three months ago, I was pleasantly surprised to find that McAfee operates in a flexible and supportive technology environment where security is applied but discreet and transparent in everything we do, from the use of personal smartphones to Facebook to instant messaging (IM). Our CIO challenges his security architects and risk management teams to give us the freedom to do our jobs while still protecting the business and proving it every step of the way. Their charter is to become trusted and empowering custodians of our information assets and security.
That challenge is the same one being issued by CIOs around the world: how do we transform security from a perceived obstacle into a supportive, dutiful business enabler? How do IT teams allow the adoption of new technologies without the risk of opening security gaps and ending up with egg on their face or worse?
It starts by acknowledging two realities: the art of hacking has evolved from being a mostly harmless hobby to a huge, profitable industry. According to a report from Purdue University’s Center for Education and Research in Information Assurance and Security, companies surveyed estimated they lost a combined $4.6 billion worth of intellectual property last year alone and spent approximately $600 million repairing damage from data breaches. A trillion dollars every year! This doesn’t even include the cost of litigation, the erosion of brand value, and ultimately business/customer loss.
The second reality, and one that CIOs are grappling with, is the fact that their current security architectures and processes were simply not built to handle the complexity, severity, or quantity of threats we are seeing today. When spam was just a nuisance, you could put a filter on inbound email and move on to your next task. Now email is the carrier for intelligently developed phishing attempts, and it doesn’t look like spam anymore; a complex breach that could severely impact a business could come from innocently clicking on an application link in Facebook. Worse, security architectures of the past were not built to handle the demands of the distributed, mobile workforce. You need to jump on to less-than-secure networks at the airport, send your vendor a list of customers, and share your patents with manufacturers around the world. And someone is waiting in the wings to acquire and sell all of that information.
McAfee understands and is helping CIOs around the world face these challenges head on. The concept of “optimizing” architectures simply means figuring out ways to integrate processes, get better visibility and control over their security posture, and go from a reactive state of managing security to a proactive state where security is ever-present but transparent to the business. It’s been thrilling to learn that security at McAfee is handled this way, and we help our customers get there as well. And with this week’s launch of McAfee e-Policy Orchestrator (ePO) 4.5 software, I see the opportunity for more and more organizations to readily make the journey from a reactive to an optimized security posture.