Balancing the Sharing of Information

CyberSecurity Journal

Subscribe to CyberSecurity Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get CyberSecurity Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Security Authors: Ambuj Kumar, Shelly Palmer, Slavik Markovich, Elizabeth White, Greg Ness

Related Topics: Cloud Computing, Cloud Security Journal , CyberSecurity Journal

Blog Post

What Anthem and Sony Could Have Done Differently By @IanKhanLive [#Cloud]

Let’s look at how to tackle security vulnerabilities from an organizational point of view rather than putting in more firewalls

What Anthem, Sony and Others Could Have Done Differently

They say that you are only as secure as your weakest firewall. But then is it just firewalls that protect our network and the information therein, or is it the framework, the policies and the processes that have cracks that let the vulnerabilities seep through?

Hackers will be hackers and you really can't blame anything on them. They are doing what they are meant to do, i.e., hack. Now that’s a completely different topic as to why unethical hacking is bad and so on. That’s next time. Right now, let’s talk about what we can do on our side. In addition to getting the best IT security systems, firewalls, more firewalls, anti-hacking everything and so on, it’s also essential that with moving times, or let’s say more intelligent hackers, we address the foundations of the problem. Here are three best practices to consider.

Take Sensitive Data Seriously
Really the first step is to take all kinds of sensitive information, be it social insurance numbers, credit cards numbers or any other kind of information you classify as highly important, sensitive, classified, not to be Sshared, I think we got the point. Customers have trusted your organization and have given you the responsibility of keeping their information safe. Let’s make sure we do everything in our power to make that happen. This is going beyond your first response planning, disaster recovery and other means to ensure the safety of this data. I'm not trying to blame anyone for not doing what they could have done, but definitely there are areas where we may underestimate the severity of the situation and as we can see, it's sometimes better to be safe than sorry. Violating customer data and privacy is breaking one of the biggest tenants in any business - Trust. They may or may not forgive you the first time, but mind you, there aren’t many chances you will have before they start moving away.

Invest in Your Processes
Making security a norm within the organization is not only at the network level. Creating the processes that pave the way for secure enterprise systems, secure collaboration, file sharing, document management, code management and more not only help enable a secure environment, but also help create a complex redundant system that works. In a large complex organization with hundreds or thousands of employees, create a hive of activity that needs to be managed and made safe. This includes simple tasks such as sharing a file with a vendor or downloading content or files from an external source as secure as possible. Of course the biggest challeng is to do this without overburdening the users and creating systems that are friendly yet rock solid secure.

Invest in the Right Solution from the Start
When looking at solutions that your teams may need, don’t fall for the quick and easy option that offers the best of everything. Instead focus on each operational element of the solution and evaluate its strengths and weaknesses individually. As an example, if you are looking at implementing an enterprise-wide solution for content management or collaboration, make sure that in addition to being a true enterprise solution, it also stands for itself when it comes to being secure, offering features that users need, being available on the deployment model you need and so on. Falling prey to solutions that seem an easy win for different segments, such as consumer-level solutions being used in the enterprise, are a vulnerability. Take inventory of all your solutions or your enterprise software footprint and take stock of all the vulnerabilities that exist within each solution. This may become a mammoth task, but may be worth your while.

Enterprise security poses a number of challenges. How are you addressing the ones in your organization? Feel free to comment.

More Stories By Ian Khan

CNN Futurist, Forbes Contributor, Author, 3 Time TEDx Speaker and Technology Futurist, over the last 20 years Ian Khan has had the privilege to serve the needs of over 5000 organizations by fueling their growth through technology solutions. He has helped a diverse set of businesses ranging from Technology Companies, Oil Companies, Power Generation & Renewables Operators, Microsoft Ecosystem Partners, SAP Customers and Partners, Healthcare Providers, Manufacturers, Facility Operators, Startups, Educational Institutions, Nonprofits & associations and more. Ian’s experiences with these organizations led him to a unique position of being able to identify the common challenges of growth for all these organizations. The bottom line as he found out, is that we all are hungry for success and want to grow and make a difference. Where we fall short is by failing to understand our environment and taking the right action within that environment. After 20 years serving the needs of the industry Ian’s natural pivot was to answer his calling and help organizations at a broader level understand what tomorrow brings. His work and study of all these organizations brought forward very unique perspectives that he now share through his work. Today, hands down, we live in the great time for humanity. Technology is a great thing, but it also has its victims. Many organizations of tomorrow will fail under the pressure of a fast changing world, much of which is fueled and driven by technology. Ian’s mission is to help organizations avoid that pitfall, and propel themselves into success in today’s era and go from digital disruption to digital transformation in the fastest and most sustainable way. This is the only way, according to him, we can together create limitless value, create solutions that are faced by us locally as well as by others around the globe, and make the world a happier place. Today Ian’s work spans working with people by delivering keynotes, consulting and by promoting his 7 –Axioms methodology through his book and workshops. He is also working on an ambitious project of releasing a documentary in spring of 2018 called Industry 4.0. Industry 4.0 will capture the thoughts and insights of some of the world’s leading thinkers and help us understand the 4th Industrial Revolution, Its Impact, and how we can all be have an opportunity to be part of the emerging future and make the right choices. For more information please visit www.iankhan.com