A single security admin that pays attention to one product will be infinitely more useful than a whole security team overwhelmed by a dozen sources of data that must be analyzed every day.
Compliance is certainly strengthening the overall security of organizations worldwide, yet we are still plagued by a variety of security risks. What should the CTO pay special attention to?
I don’t expect that to change – security risks are a fact of life. They will continue to evolve and will always be a factor for any business. There are two things I’d recommend for every CTO and CIO out there:
1. Don’t assume that SANS or PCI Council or Bruce Schneier can tell you what your top risks are. Risks are always going to be unique to your environment and depending on the business you are in they may not even be entirely network related. Focus on risks that have the most impact on your business, otherwise you will always be chasing your own shadow. Analysis of top risks affecting your business should be a regular process in your ongoing business planning. Get your organization used to the idea that managing information risk is something as natural as planning your budget.
2. I’d pay special attention to the readiness of your security team. While I do not believe security should be managed internally, there always has to be an internal team that understands security, technology and your business. Companies that use MSSPs are especially sensitive to this – often outsourcing is seen as a green light to drop your guard. Truth is that in a triage situation, when fast response and well-thought-out action matters, no service provider can really be a surrogate for well-prepared staff. Only the people who can truly understand business risk should handle response to critical situations. Have the roles assigned, procedures reviewed and incident response plans tested before something happens. Make sure the communication, command and control paths are crystal clear. This could mean the difference between full breach or data leak, or a close call.
With the constant evolution of threats, what kind of technology challenges does Alert Logic face?
Integration with other vendors and data sources is right at the top of the list. The software-as-a-service model opens up very unique opportunities that security products have not begun to leverage. Everyone knows what mashups are – you take a Google map and blend it with LinkedIn. It’s not rocket science. But what if you could do the same with SaaS security products? Geolocation, reputation services, identity awareness come to mind. Possibilities are endless.