CIO Leadership, Security

Keeping Cloud in mind when you look at your security

Redefine your enterprise security to get risk under control

Blog post by HP Blogger

People talk about security threats all the time, but where are those threats? If you want to visualize them, you might be interested in a small application called Pulse. You can download it to your iPad, iPhone or Android device. You can also see the information online at hpinfosecpulse.com.

Pulse is an application that gives you real-time threat visibility based on the information gathered from DVLabs, HP’s premier security research organization. Since I started using Pulse to gain an understanding of how things are going in cyber security, I’ve realized that things aren’t pretty out there.

The one thing I learned is that 100 percent security no longer exists in the digital world. Unfortunately, many companies have to recognize that they have not developed a pro-active enough security strategy. They also recognize that they have not put the appropriate procedures in place to cope with a security breach when it happens. Instead, they are in reactive mode. The latest illustration (of a long list) is the leakage of Apple device identifications, claimed to have come from the FBI. Actually, the hackers lied; it came from breaching an app publisher who did not even realize his information had been leaked.

Are you being pro-active or simply reactive?

We are confronted with a world where employees bring their own devices and use them for both their private and their business lives. We know some of our information resides in the public cloud. Our employees keep using social media. Our enterprise is connected through a maze. And somewhere in that maze, people are on the lookout to break into our systems and steal valuable information.

It’s no longer enough to look at security in a piecemeal approach. We have to take a comprehensive view, combining application, endpoint, network, datacenter and operations security. We need to respond in a way that limits the risk of being broken into to an acceptable level. Rethinking your enterprise security and redefining your security strategy is a must. And there is some urgency.

The good news is that HP has been addressing enterprise security for years and has developed a unique expertise in that area. To make your life easier, this week, HP announced enhancements to its security portfolio. In particular, these include:

If you want to know more, go to the Security & Risk Management page.

But just putting in place security processes and tools is not enough. In preparing for the original blog post on the CloudSource blog, I ran into a white paper by Cathy Pitt, titled “Defend your business against the dark art of social engineering.” The paper is quite entertaining and made me smile… till I realized what Cathy describes can easily happen to me.

We’re out there to help people; we want to be seen as nice. And some people are out there to take advantage of our kindness to rob us. It’s a sobering thought. Now, who has not yet received an e-mail from a poor guy in Africa asking you to help him get money out of a country? I definitely have, and that one is so obvious that I did not fall into the trap. But have I fallen into some other traps? Maybe. I actually don’t know. And that is what is frightening. Being out in the social media world, you get a lot of questions and you try to respond. In that process, are you giving things away? Maybe.

As our world is getting increasingly integrated, and as social media is used by enterprises to reach their customers and prospects, we need to train our people to ensure they are watchful for social engineering. According to Wikipedia, social engineering, in the context of security, is understood to mean the “art of manipulating people into performing actions or divulging confidential information.” While it is similar to a confidence trick or simple fraud, it is typically trickery or deception for the purpose of information gathering, fraud, or computer system access. In most cases the attacker never comes face-to-face with the victims.

Pro-actively define your security strategy. Decide what an acceptable risk level is. Choose and implement tools and procedures accordingly and train, train, train your employees. Believe me, this may cost you money, but it will be a factor less than what a security breach would cost you. Just think about the damage to your brand if you are compromised.

 


Discussion
Pearl Zhu 89 Points | Wed, 09/12/2012 - 17:38

Hi, Christian, very resourceful blog about security/GRC, just read a series of information 500 reports, now more than 90% of businesses are in the cloud, so it's time to instill more innovation into risk management, re-imagine/reinvent the next gen of solutions, thanks.

Christian Verstraete 413 Points | Thu, 09/13/2012 - 08:30

Pearl, fully agree. In particular, when doing research for this blog entry, I found a source pointing out only 34% of enterprises had an enterprise security strategy. Most agreed they were reactive rather than pro-active. Knowing that a breach cost one of our customers over 400M$, not including brand damage, I cannot understand why more people do not look at the issue. It's frightening. Or is it that people feel this only happens to others?