In the presidential election, cyber security was a major issue as hacked emails reveal a host of political embarrassments and add fuel to the unprecedented political discourse in this country. One person who will inherit this issue on day one of his or her new job is the incoming United States Chief Technology Officer, who will be nominated by President-elect Donald Trump.
Albeit inherently important, cyber security didn’t top the charts of concern when the last CTO, Megan Smith, was appointed by President Obama in 2014. Back then, security in the data center and the (virtual) workspace was completely different than it is today. In fact, cybercrime was only a worry for Top 1,000 companies and the military.
Corporate IT departments used spam filters and enterprise-level secure access solutions such as IPsec VPN to give PC hosts access to the entire private networks. However, the user experience to access business files and applications suffered because the productivity needs of departments were not always coordinated with centralized IT systems and policies. As big data continues to rise and privacy issues take center stage, all eyes should be on IT security for the incoming CTO of the United States, especially in light on the distributed denial of service attack (DDoS) last month that took down a large portion of the Internet for most of the East coast.
Everyone’s Data is Worth Something
As the world becomes more digital, concerns around cyber security in the modern workplace, HaaS (Hacking as a Service) and data theft will continue to grow. No matter who you are or what you do, your data is invaluable to you. But do you have any idea of what your identity and what your information is really worth and what a data breach will cost you?
Too often we use the same simple username and password for dozens of apps and services supported online and on our mobile phones and tablets. We’re also putting financial information and our social security numbers online or on our mobile devices to access certain websites and apps or to make online purchases. Add this to the proliferation of Bring Your Own Device (BYOD), virtual desktops, cloud based computing and of course Internet of Things, coupled with a new level of exposure to cybercrime such as ransomware, data breaches and identity theft, which continues to worsen. CTO of the Unified States, welcome to the real world.
Data Sovereignty and Privacy
Data sovereignty laws, which define who has control over and access to cloud-stored data, will play a significant role in data security moving forward. Data sovereignty requires data stored in a foreign country still be subject to the laws of that country. For example, if an American company is using a data center located in the U.S., but an Australian company operates the data center, that data can be accessed without the company’s permission or notification by Australia.
Governments have become increasingly concerned as the cloud moves data outside government jurisdiction to locations where data protection laws are less stringent, or various rules apply. A concern for the CTO in regards to data sovereignty will be about upholding privacy regulations and preventing other countries that store U.S. corporate data from avoiding subpoenas.
What’s next?
The new CTO must consider a wide range of solutions to these challenges. We need more awareness and education to encourage the use of encryption and smarter security software on our managed and unmanaged devices. We need better understanding of privacy, better understanding of the value and risk of sharing our data with governments and (media) companies such as Google and Facebook as well.
In the near term, more pressure is needed on IoT device manufacturers to make the device more secure by design. Additionally, in the workplace, policies must be clearer on the use of BYOD. It may require the IT departments of government agencies and corporations to take control of mobile and workspace devices to provide additional layers of security and protection. To reduce cost and complexity, these organizations must also consider a holistic approach to managing data and virtualizing and containerizing IT resources that deliver services and applications. Even better, it would mean having centralized processes and technology solutions that tie together the deployment, monitoring and management of workspace applications, data and the associated IT infrastructures.
The new CTO will also need to look at technologies that will enable organizations to extend the life of their existing IT infrastructure, such as software-defined storage (SDS) while also seeking opportunities to adopt new innovations such as hyperconvergence, containers and cloud infrastructures to improve performance, ensure data mobility or bring new applications quickly to market.
In addition, having data in multiple remote locations including the cloud will enable businesses and government officials to recover information and resume operations quickly to save time and money. By making recommendations to improve data mobility, availability and uptime, the CTO will help ensure better overall security and tackle any data sovereignty issues that may arise.
As the presidential election has come to a conclusion, it will be interesting to see the direction of this crucial CTO selection. While technology has meant different things at different times during our lifetime, one thing is clear: its potential impact will require a higher degree of education, regulation, monitoring and protection. What recommendations do you have for an incoming CTO of the U.S.?
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.