Technology, Security

CIOs grapple with changing dynamics of enterprise security

Social media is the Inside-Out threat to Enterprise Security

Leadership Article by,

The rapid ascent of social networking, the explosion in mobile devices and technologies, and the growing spectre of cyber terrorists operating like organized crime are key factors changing the face of enterprise security in profound ways. For CIOs, security challenges naturally lead to the question of balance.  Just how do you balance the competing demands of securing enterprise data with the requirements to give users the ‘instant’ access to data they demand any time, any place and from just about any device?

“Threats [today] are much more sophisticated and much more persistent,” says Woody Hall, CIO of General Dynamics Information Technology.  Standby defenses, like firewalls, just cannot keep the threats at bay.  As Hall states, “They’re going to get in.  So it’s not if, it’s when.”

As a result of this new security reality, some CIOs are shifting from defensive to more and more offensive security measures.  To some, this has meant turning increasingly to security partners for help. As Joe Spagnoletti, CIO of Campbell Soup Company, articulates, “It would be impossible for a company like mine to invest the kind of money to continue to innovate security techniques and capabilities to prevent all those different types of threats that are out there.”

Beware the social ‘net

Spagnoletti has further identified social networking as a new frontier and concern for enterprise security.  It is, as he calls it, the “inside out” threat.  Employees – ‘insiders’ – leaking information ‘out’ onto social networking sites are a major threat to an enterprise’s security.  Social networking has the potential for intentional or unintentional loss or leaking of information that could impact a company’s brand or reputation.  Yet as shown by CSO Magazine’s 2011 Global State of Information Security Survey, over three quarters of organizations polled do not even have social networking written into their security strategies.  Thus CIOs should view security as no longer just about monitoring threats but also about educating employees on protocols for sharing information.

The growing sophistication of threats and the new frontier of social networking are some of the biggest changes to information security in recent years.  Yet the mounting security in response to these challenges cannot hamper an enterprise’s agility.  The best option to help CIOs balance agility and security is to have a risk mitigation scheme in place.  CIOs must also utilize education.  Spagnoletti stresses the importance of providing “education and skills [to] help people (employees) understand their responsibilities in using information correctly.”

CIO Enterprise Security Action 

According to the 2011 State of the CIO Survey, improving security and risk management is a top management priority for 40% of CIOs.  Meanwhile, the 2011 Global State of Information Security Survey found only 65% of respondents have an overall security strategy in place, 53% utilize vulnerability scanning tools, and 45% have wireless security standards and procedures.  To help CIOs improve enterprise security, here are some common-sense security action items.

  1. Write social networking sites and other Web 2.0 applications into your overall security strategy.
  2. Educate your employees on appropriate and inappropriate information sharing protocols.
  3. Turn to a trusted partner to help monitor security risks.
  4. Implement a risk mitigation scheme.
  5. Incorporate offensive measures, such as monitoring for changes in usage patterns in order to swiftly respond to potential security breaches.

 


Discussion
blaberis
Bill Laberis 151 Points | Tue, 08/07/2012 - 13:49

Increasingly you have to wonder just what is safe today. Computerworld ran an article yesterday about hackers getting into fleets of cars and trucks and messing with everything from horns and lights to driving habits (http://www.computerworld.com/s/article/9229919/Car_hacking_Bluetooth_and...). And a consumer cloud services provider finally admitted last week it was hacked - by its own customers!

jdodge
John Dodge 1437 Points | Wed, 08/08/2012 - 18:45

A FedEx driver in one of those boxy vans passed me on 128 yesterday going 80 plus...the driver's side door was open or the vehicle did not have one...talk about lax security (or safety in this case...)

Like Woody says, it's not if, it's when...

pearl
Pearl Zhu 90 Points | Fri, 08/03/2012 - 16:31

Social/Mobile makes agility and security two sides of a coin. The good strategy is about trust but verify, educate beyond monitoring, and make each employee the security champion by building good culture and talent management discipline. Thanks.