"Our enemies are no longer known to us. Our world is not more transparent now. It's more opaque" (M from Skyfall – James Bond 007). This is a powerful quote with many truths in a cyber security world where threats are becoming more targeted and sophisticated. How can organizations be expected to maintain a strong security posture with the risks associated with advanced persistent threats and privileged users while also adopting cloud-based solutions, next generation mobile devices, and social media?
Not too long ago it was unacceptable for enterprise users to bring their own device or use a public web service (what we refer to as SaaS today). The rationale was that allowing an employee to bring an iPhone into the enterprise or have corporate data sitting in someone else's infrastructure was inherently not secure. Fast forward and BYOD and public cloud services are common practice across a growing number of organizations. Many of the risks from several years ago still exist and for many the cost savings coupled with business agility help justify adoption of these solutions. So the question is can these next generation solutions be as secure? Looking at the situation through the lens of risk management I would say the answer is “yes”. If you asked an IT administrator 10 years ago if data could be stolen from the organization he worked for he would be lying if he said “no”. Take for example the insider threat, disgruntled employee, or even something as trivial as losing a USB thumb drive. What’s changed are the attack vectors (thanks to these wonderful new technologies) along with the threats being much more sophisticated, coordinated, and targeted.
With mobile devices and public cloud we're simply forced to now think of the perimeter as the data itself. As a result the industry is augmenting traditional network security offerings with those that provide control over information whether it be structured data such as credit cards, unstructured data such as spreadsheets, or even entire virtual machines. New and innovative security solutions are entering the market that are enabling trust no matter where the data resides. With that we’ll see increased enablement and adoption of disruptive technologies that will transform the way business is done globally.