What’s on CISOs’ minds?
A few weeks ago, I attended an InfoSec conference in Brussels, Belgium – “Enterprise Security Exchange”.
Overall, it was a great conference, as I was able to have great discussions with CISOs of many known and respected global organizations. Pretty much, the main topics top of mind were:
Network Breaches & Advanced Persistent Threats:
Many of these CISO/CIOs were under a lot of pressure due to the recent high-profile breaches. Security has now been elevated to CEOs and board members. Loss of brand, customer data and business/money is now a reality – not just a theoretical conversation. So, many of these CISO/CIOs were examining their current security posture. Advanced persistent threats are here, and many CISO/CIOs believe they will be quite common.
Mobile, a topic that has received a lot of executive attention (i.e. execs wanting iPads, etc.). It’s no surprise that mobile devices are infiltrating the IT landscape. Not to mention the commercialization of these devices. It’s now an accepted fact that consumers are leading the charge. And coupled tightly with this topic is mobile security and mobile device management. Unfortunately, some mobile devices today required many of these CISO/CIOs to lower their security posture (definitely due to executives demanding access before security policies/technologies were in place!). Anything to help CISO/CIOs in this regard is highly valued!
Identity / Strong Authentication:
Due to many breaches being related to the RSA exploit, these CISO/CIOs were concerned that their RSA tokens were now insecure. A large number of them were exploring other alternatives. Many commented on the fact that it has less to do with technology, and more to do with trust in RSA (or elements of both). Some were led to believe that the breach wasn’t going to impact the security posture of their tokens – unfortunately that turned out NOT to be the case. That being said, many of these organizations were looking at a few alternatives: smart cards, and/or leveraging mobile devices for authentication (Mobile OTP, mobile as a smart card, etc.).
It was great to sit back and listen to the pains and plans of these organizations. It is safe to say that many of them are taking the recent breaches quite seriously. It has caused many of them to look at alternatives that not only are easier for the end user, but are much more secure for the organization.