CSO Perspective Part I: Lara Croft and Corporate Security?
This week, I am doing two presentations at CSO Perspectives 2011. I look forward to sharing the stage with two dynamic CSOs who have deep experience securing their enterprises from every attack imaginable. And they both have their own views on how to deal with a fast-paced threat environment in “organizations without borders.”
Jerry Archer is the Senior Vice President and Chief Security Officer for Sallie Mae. We’re going to talk about what Angelina Jolie has to do with data loss prevention. Sounds interesting, right? But Jerry and I have been talking about doing this talk for some time now. It will be a great discussion.
Look, the threat landscape has changed rapidly, and so has IT infrastructure, which is being transformed by mobility, cloud and social networking. Threats are coming over your most used and critical channels: Web and email attacks are blending, your perimeter is eroding, and legacy controls have become much less effective at stopping threats as they come in the door. Many people I talk to still assume their firewall, IDS, filtering, and antivirus solutions are going to save them. This is where the Angelina Jolie and Tomb Raider analogy comes in: it’s inevitable that the bad guys are going to get in at some point. So you had better also be prepared to stop them from leaving with the treasure, which you can do if you are watching your content. The key thing is you can’t rely on the same solutions that let the bad guys in to stop them from getting out with your treasure. Once the bad guy has the treasure, it becomes easier to find them because you have more knowns.
I have sat with hundreds of CISOs and CIOs over the last 7 months, helping them develop security strategies to deal with this changing world. We are going to talk about how to put this into practice, leveraging our experience. With recent security news, this should be top of mind for a lot of you.
With that in mind, how would you answer these questions:
- Where do you think your organization is the most vulnerable?
- What have you found is the most effective method for combating blended attacks?
- Given the current landscape with WikiLeaks and targeted attacks, what’s your best advice for organizations looking to protect confidential data?
Let me know what you think in the comments below and I’ll try to weave your answers into the discussion. I’ll let you know more about the second conversation, “It’s Not Just the Devices: Getting a Secure Handle on Rogue Cloud Applications,” in my next post.