October. It’s a month marked by shorter days, a proliferation of horror movies, pumpkin spice…and National Cybersecurity Awareness Month (NCSAM)! Launched by the National Cyber Security Alliance and the U.S. Department of Homeland Security in October 2004, NCSAM was started to help educate both consumers and businesses about how to stay safe online.
Inspired by NCSAM, my colleague Cindy Provin recently wrote about data security strategies that enterprises are implementing in their approach towards cybersecurity. One of my favorite takeaways was: “as with any big challenge, you can break down enterprise security into manageable components that work together to mitigate the risk.”
Work together to mitigate risk. It’s something Thales takes seriously on many levels – and it’s one of the reasons we’ve also tapped our valued technology partners to share their insights about pressing cybersecurity-related topics. While NCSAM was the impetus, we plan to continue sharing their perspectives in the coming months. For now, we’re kicking things off with our partner BeyondTrust, a global information security software company that helps organizations prevent cyber-attacks and unauthorized data access from privilege abuse.
Thales: What skills are most needed for a long career in cybersecurity?
BeyondTrust: There are a few basic skills and traits that include:
- The constant desire to learn new things. The threat landscape is always changing and the desire to learn something new is critical in order to stay active in the community. This is not only about modern threats, but also about new tools and strategies to identify and defend against them.
- Being a detective. A cybersecurity professional must be a detective that can piece together data from many sources in order to formulate a conclusion.
- Avoid boredom. Security professionals can get caught in the mundane repetitive tasks of log analysis, vulnerability scanning, and rule maintenance. Challenge yourself and avoid long term repetitive tasks, otherwise you will burn out and become complacent.
Thales: How best do we build trust in cloud environments?
BeyondTrust: Trust is always earned and rarely given blindly. In order for it to be built in cloud environments there are several things that must occur:
- Trust implies reliability. Cloud environments must be resilient and reliable to deliver services.
- Trust implies security. The old expressions is true, “Fool me once – shame on you. Fool me twice – shame on me.” Security issues in the cloud will always be remembered and team members will not be tolerant if the same mistakes happen repeatedly.
- Trust implies faith. Being able to sleep at night is key. One of the most common panel questions is “what keeps you up at night?” Having faith for reliability and security helps build trust for cloud environments. This is ultimately driven by metrics to prove it is delivering as promised.
Thales: One big theme of NCSAM is “cyber resilience”. What does “cyber resilience” mean to you?
BeyondTrust: Cyber resilience is the ability for a technology to have automated exception handling without disrupting services. This implies that in the event of an attack, natural disaster, or even outage, the technology is resilient to restart, defend, and not jeopardize the integrity of the mission by becoming a security risk or creating additional problems.
Thales: What are your customers’ most common data security pain points?
BeyondTrust: Our customers’ most common data security pain points revolve around basic cybersecurity hygiene:
- The management of passwords, privileges, and sessions within the environment and access to sensitive data.
- The ability to assess cybersecurity risks in the form of missing patches and poor configurations, and remediate them in a timely manner.
- Provide attestations of privileged activity and limit access to crown jewels.