Friday, August 19, 2011

Securing New Technologies

Our nature is to resist change and fear the unknown.

Security isn't about eliminating risk. It isn't about saying no. Security is about knowledge; understanding risk and putting security risk in the right context, so business leaders can make informed decisions. When security is done right, it enables the business to embrace new and potentially transformative technologies and use them wisely to innovate and grow and produce business value. In today's global marketplace, leveraging new technologies to create a competitive advantage can mean the diference between businesses that succeed and those that fall by the wayside.

Today's technology is changing at a rapid pace, the enterprise perimiter is eroding and securing endpoints is not becoming any easier as computing is becoming ubiquitous; becoming embedded in our vehicles and consumer devices, in an increasingly interconnected worldwide web. In order to trust endpoints, transactions and secure information appropriately, technical solutions and standards are necessary but not sufficient themselves to solve the problems we face.

The key to securing new technologies is collecting more and better quantatative data about the threat landscape associated with the technology, as well as device, configuration, event and transaction information. Knowledge comes from the judicious use of this information, given that the answers we get are only as good as the questions we ask. This means taking huge data sets and reducing them to something that is manageable, while maintaining the integrity of the data. Data sharing between peers and in public and private partnerships will help to standardize how we collect and use this data and lead to better threat intelligence and risk management. With a methodical approach to model and use this data, security risk will no longer exist in its own silo, but become a part of the overall evaluation of business risk as meaningful security metrics mature in the coming years.

Change is inevitable and resistance is futile. If we fail to embrace new technologies, we are likely to watch our competitors pass us by. Knowledge is the key to understanding and providing creative ways to manage security risk in the face of uncertainty, and necessary to combat the fear that accompanies new and potentially transformative technologies.