When less isn't more

Illena Armstrong, VP, editorial, SC Magazine

Among the some 400 attendees at last month's SC Congress New York, the fears bandied about spanned a wide spectrum. Dealing with cloud service providers slow to address customers' security needs, and the threats brought to companies because of mobile devices or BYOS (bring-your-own-services), were quite the hot topics. As well, supply-chain attacks from politically hostile countries and public-private partnering made the list of concerns discussed during speaker sessions, keynotes and social hangs.

Although information security pros hitting the one-day conference and expo left it armed with plenty of tips and recommendations on how to address some of these and still other troublesome problems, it was clear that most have an overload of issues to sort out and a need for more…well, more everything – whether from their bosses, other staff, service providers or maybe even the government.

It was obvious based on many questions posed to experts speaking during the event that the level of attention service providers give to security is lacking. Yeah, there are SLAs, but it seems that many of the data protection requirements noted have some cheeky loopholes attached. For now, though, customers must take responsibility for holding their providers responsible for agreements forged. If contractual promises include implementation of certain security mechanisms to help protect transactions or stored data, for example, or incident response when a breach of information happens is a requirement, then customers must hold providers accountable. Meantime, market forces will continue to push cloud providers, ISPs and still others to buy into the notion that without security being a prominent part of their offerings, they're likely to increasingly lose business to those who make it so. 


Federal government agencies could step up a bit, too. Sadly, though, we've heard not a peep from either presidential candidate on how they intend to do so when it comes to cyber security – with the exception that the Obama administration may be piecing together an executive order. And that's mighty ironic given how reliant the country's economy is on technology and the internet. Sure, information sharing about the occurrence of attacks, threats from cyber criminals, nation-states and other adversaries would help organizations to concentrate on weaker areas of their infrastructures. However, when the government seeks out private entities' intelligence and then fails to provide some of its own because it's ‘classified’ and all, that long-touted two-way street quickly crumbles.

Then there are the bosses… No doubt, budgets are tight. But, they're bound to get tighter if a company falls victim to a massive identity theft heist that leaves customers running to competitors and has the victimized company paying government fines, incident response costs and credit-check services. To underestimate the importance of proper support for security, privacy and compliance endeavors is to become the next my-business-is-clueless headline. And I can't think of one executive board member, CEO, corporate attorney or PR specialist who would look forward to that.

So think about bringing your CEO to SC Congress Chicago on Nov. 8. They might actually become a little more convinced that more money and staff for you would be a good thing – for both them and the companies they oversee.
