GAO report focused on ongoing lack of security in government systems. Art Gilliland, who recently became CEO of Skyport Systems after serving as SVP of enterprise security at HP, and Doug Gourlay, corporate vice president at Skyport have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Art Gilliland, CEO of Skyport Systems :
“The issues that the GAO has identified with regard to limiting access to and control over system wide computing resources are at the heart of the problem for all organizations, in government, enterprise and SMB,”. “Not know who is accessing what, or when and how they are using that information, is the most critical issue in security today. The ability to develop and action an audit trail across the entire system, forever, is the key to improved security for critical resources.”
“Ongoing control and audit of not only human access but also system connections is critical,”. “The underlying challenge is that systems are designed to be open by default, leaving it to organizations to actively close all of the doors to secure them. Unfortunately, people make mistakes. In addition, the lack of skilled security professionals means organizations can’t even hire the folks they need. Newer approaches where security is a fundamental part of the platform, greatly improve security. Organizations should be adopting systems secure by default.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Doug Gourlay, Corporate Vice President for Skyport Systems :
“Segregating duties, and the ability to enforce that by compartmentalizing applications and limiting access to each, is critical to organizational security today,”. “The biggest threats come from inside the perimeter, and are based on people having access to material and information that’s simply not relevant to their work. There’s no technology that can effectively assess people’s intentions on a daily basis, but we can limit who has access to what, and very effectively track and analyze when and how they use the data they have access to.”[/su_note][su_box title=”About Skyport Systems” style=”noise” box_color=”#336588″]At Skyport Systems we develop Hyper-Secured Infrastructure that ensures the security of critical IT and corporate assets, with tight integration of compute, security, virtualization and policy management. We believe that computing infrastructure should be secured-by-default, starting with a secure supply-chain, validating the hardware and software integrity continuously, add an additional policy enforcement point as close to the workload as possible, and continuously monitor and audit every transaction, connection, and administrative action with a secure data warehouse.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.