Enterprises Must Address Internet of Identities Challenges

As November ends, everyone and their brother/sister will be writing about their IT and security predictions for 2018. Here’s a no-brainer from me: We’ll see massive proliferation of IoT devices on the network next year. Some of these will be general purpose like IP cameras, smart thermostats, smart electric meters, etc., but many others will be industry-specific sensors, actuators, and data collectors. Managing the deployment, operations, and security of all these devices will be quite challenging. Someone must figure out network access controls, connectivity, segmentation, baseline behavior, network performance implications, etc. This is where identity comes into play. Each device should have its own identity and attributes that govern connectivity, policy, and trust. My sagacious colleague, Mark Bowker, calls this trend the Internet of Identities (IoI). With Mark’s help, I introduced the concept of IoI in this blog, and further elaborated on the massive changes the Internet of Identities will bring in this one. So, IoI is coming fast, but ESG research indicates that many organizations are not prepared for the onslaught because:


Cybersecurity, Mobility, and the Expanding Perimeter

As businesses lose control of devices and rapidly adopt cloud consumption models, identity and data have become the new perimeter for IT operations and information security teams to secure and protect. My colleague Jon Oltsik and I sit down together to highlight how mobility, identity, and security are creating technology challenges, organizational barriers, and business risks as the security perimeter expands at a faster pace than businesses can keep up with. The discussion draws attention to the IT vendors that are attempting to enhance security postures from within a silo as opposed to the new purview businesses are dealing with today.


Cloud Security Priorities and Synergies with Enterprise…

According to ESG research, 63% of mid-market (i.e., 250 to 999 employees) and enterprise (i.e., more than 1,000 employees) organizations are currently using software-as-a-service (SaaS), 33% use infrastructure-as-a-service (IaaS), and 27% employ platform-as-a-service (PaaS) today. Additionally, 72% of all firms are increasing their spending on cloud computing initiatives this year. (Source: ESG Research Report, 2014 IT Spending Intentions Survey, February 2014.) Wasn’t IT risk supposed to put the brakes on cloud computing deployment? Security professionals are still quite concerned. In an ESG research survey, infosec pros identified numerous cloud security risk areas as follows (Source: ESG Custom Research, IaaS Security Survey, September 2013.):


The Two Cornerstones of Next-Gen Cybersecurity (Part 2)

In my last blog, I described a new security mindset to address the lack of control associated with “shadow IT.” As IT loses control of some of its traditional assets, my suggestion to CISOs is to double-down on security controls and oversight for the things they still own. In my humble opinion, there are two key areas to focus on: sensitive data and identity. Everything else – applications, endpoints, networks, and servers – must kowtow to these two cornerstones and enforce specific data security and identity policies. In Part 1 of my blog, I described how data security must become smarter about the sensitivity of the content and where it resides across enterprise and 3rd party networks. Aside from deeper data intelligence, however, we also need much deeper identity intelligence than the basic user name, password, and role descriptions we have today. This makes identity the other cornerstone of next-generation cybersecurity. As enterprise IT morphs into “shadow IT,” identity management will act as an anchor and must include:


The Two Cornerstones of Next-Gen Cybersecurity (Part 1)

Every CISO I speak with tells a story fraught with common anxiety about the future of information security. As the world becomes more mobile, consumer-centric, and cloud-based, IT gets more distributed and complex while the IT department has less and less control. This presents a real conundrum for security professionals who’ve been trained to seize control and lock down as much as they can. So what should CISOs do to address the “shadow IT” dilemma? As IT loses control of some of its traditional assets, my suggestion to CISOs is to double-down on security controls and oversight for the things they still own. In my humble opinion, there are two key areas to focus on: Sensitive data and identity. Everything else – applications, endpoints, networks, and servers – must kowtow to these two cornerstones and enforce specific data security and identity policies. Allow me to be a bit more specific. I’ll focus on data security in this blog (Part 1) and then move on to identity in a future blog (Part 2):
