Among the some 400 attendees at last month's SC Congress New York, fears bandied about crossed various spectrums. Dealing with cloud service providers slow to address customers' security needs or the threats brought to companies because of mobile devices or BYOS (bring-your-own-services) were quite the hot topics. As well, supply-chain attacks from politically hostile countries and public-private partnering made the list of concerns discussed during speaker sessions, keynotes and social hangs.
Although information security pros hitting the one-day conference and expo left it armed with plenty of tips and recommendations on how to address some of these and still other troublesome problems, it was clear that most have an overload of issues to sort out and a need for more…well, more everything – whether from their bosses, other staff, service providers or maybe even the government.
It was obvious based on many questions posed to experts speaking during the event that the level of attention service providers give to security is lacking. Yeah, there are SLAs, but it seems that many of the data protection requirements noted have some cheeky loopholes attached. For now, though, customers must take responsibility for holding their providers responsible for agreements forged. If contractual promises include implementation of certain security mechanisms to help protect transactions or stored data, for example, or incident response when a breach of information happens is a requirement, then customers must hold providers accountable. Meantime, market forces will continue to push cloud providers, ISPs and still others to buy into the notion that without security being a prominent part of their offerings, they're likely to increasingly lose business to those who make it so.
“When the government seeks out private entities' intelligence and then fails to provide some of their own because it's ‘classified' and all, that long-touted two-way street quickly crumbles.”
– Illena Armstrong, VP, editorial director, SC Magazine
Then there's the bosses…No doubt, budgets are tight. But, they're bound to get tighter if a company falls victim to a massive identity theft heist that leaves customers running to competitors and has the victimized company paying government fines, incident response costs and credit-check services. In failing to underestimate the importance of proper support for security, privacy and compliance endeavors is to become the next my-business-is-clueless headline. And I can't think of one executive board member, CEO, corporate attorney or PR specialist who would look forward to that.
So think about bringing your CEO to SC Congress Chicago on Nov. 8. They might actually become a little more convinced that more money and staff for you would be a good thing – for both them and the companies they oversee.