Security Essentials for CIOs
Bryan Casey 270003BSJV BFCASEY@US.IBM.COM | | Tags:  lovejoy security cio ciso kris ibm
0 Comments | 4,245 Visits
In a partnership with the IBM Center for Applied Insights, Kris Lovejoy, IBM's VP of IT Risk, will be publishing a series of ten whitepapers on the topic of security essentials for CIOs. To view the series website, please visit us on the web.
IBM's X-Force Research and Development team called 2011 "The Year of the Security Breach." It was an unprecedented year for not just instances of data loss/theft but also a number of other different attacks where the goal wasn't necessarily to capture information. Things like DDoS attacks where company websites are brought down played a significant role as hactivists used this attack to make politically motivated commentary. We also saw new types of threats targeting things like mobile phones. What had previously been a theoretical threat, became a real threat in 2011. We saw the development of attacks that took advantage of the specific capabilities and marketplace around mobile phones, such as creating a malicious application that, when installed, would send text messages to premium numbers to run up large phone bills. We've seen elements of this type of attack before (malicious software disguised as legitimate software, attacks designed specifically for profit), but the new capabilities and connectivity of mobile phones opened up new avenues to achieve these ends.
As the world changes, and becomes more interconnected, instrumented and intelligent, security challenges, like the one I just spoke about around mobile phones, will continue to evolve. Mobile phones represent a very current and telling example of some of these changes. Employees want to bring their personal devices into the workplace, and those devices will be used constantly for a mix of work and personal use. Balancing necessary security controls with all the connectivity and capabilities that modern employees want is not an easy task. It also represents only a single example of the security challenges we will face around a hyper-connected work force (and world for that matter) as well as one in which traditional network boundaries are dissolving. Looming still are the implications of security and the Internet of things. Moving forward, we will be forced to continuously consider the ramifications of plugging "things" into the Internet in order to provide new capabilities in areas such as data collection and management.
With both cloud and mobility we are also seeing a world in which everything is everywhere. Your company's data is no longer just sitting in a company database, being accessed on a company workstation. It's walking all over the world in the hands of your employees. In addition, your IT shop might be a blend of in-house resources, strategic outsourcing and maybe you are even using 3rd party cloud infrastructure for some of your work. These changes usually happen because they represent opportunities to grow and become more efficient and we all want to do these things. However, what it is doing, now more than ever, is making security both more difficult and more important.
This new world can offer a lot of promise, and security can hold you back if it's absent, or it can help you move forward with confidence if you know what you are doing. The reality we now see is that if security teams can address the way the world is changing effectively, then they could be the real key to unlocking all of these new opportunities.
IBM believes that this change will ultimately play an important role in shaping the role and significance of security leaders. Much in the way in which the CIO has changed from someone who was responsible for IT maintenance to someone who was responsible for bringing about important strategic change within the business, so too will the role of security leaders, whether they be CIOs, CISOs or in some sort of executive risk management function, take a more strategic role in the business moving forward.
Over the course of the coming months, IBM's VP of IT Risk, Kris Lovejoy, will be doing a series of papers around "Security Essentials for CIOs." She will be talking about what she sees as the starting considerations of an effective approach to IT security. In this recent Forbes article Kris gave a brief overview of some of the topics that she will discuss.
As each new article in the series become available over the course of the coming months, I will link to each in the following post.
1) Embracing Innovation with Confidence
2) Embracing Mobility-Their device, your data
3) Educating everyone to guard the cloud
4) More to come soon!
Make sure to follow IBM Security ( @ibmsecurity ) and the IBM Center for Applied Insights ( @IBMCAI ) for any updates on this series as well as other important news and updates from IBM.
You can visit the landing page for this series on the web, here.