As the undisputed global leader in technological innovation, it has always been shocking to me that Silicon Valley doesn’t lead the nation in cyber security best practices. I mean, if not us, then who should lead? 2014 could have easily been named “the year of the big breach” as global cyber crime cost businesses $375-$575 billion, as well as causing a net loss of up to 200,000 jobs in the U.S. alone. But when these organizations look to the region where they buy their security software, what do they see? The same questionable security practices as any other industry.
As a security and cloud technology hotbed, Silicon Valley firms could (and should) be first to share key insights for baseline cyber security must-haves. This is particularly true for cloud security, since this is quickly becoming the “go-to” infrastructure model of choice for the Valley. However, while some companies are coming out with compelling data and solutions to specific problems, a holistic approach to cloud security hasn’t been established. Right in our own backyard, firms have neglected the basics of security in general and cloud security in particular.
This needs to change. We’re seeing one high-profile company after another in the news as the latest victim of a big breach. It’s time to set the tone for managing cyber security risk, and it’s time that Silicon Valley step up. Companies can start by recognizing the following six keys to preventing many of the breaches we’ve been reading about:
1. Move security visibility and enforcement away from the perimeter to the virtual machine itself.
2. Compliance is not a sound security strategy. Compliance standards are the very LEAST companies should be doing to protect themselves and their customers.
3. Invest in security automation to be able to detect breaches and react to them faster.
4. Stop investing in tactical point solutions; think strategically and invest in a holistic, platform approach to security.
5. Encrypt ALL customer data.
6. Implement strong access control to prevent the bad guys from gaining access to critical servers
While no prevention plan is a silver bullet, in the event there is a breach, these tips combined with a solid recovery and communications plan can quickly isolate the problem and help you take care of your customers. By focusing on the fundamentals of cyber security and breach prevention, you can help keep your company out of the headlines.
[su_box title=”About Amrit Williams” style=”noise” box_color=”#336588″]Amrit Williams has over 20 years of experience in information security and is currently the Chief Technology Officer of CloudPassage. Amrit has held a variety of engineering, management and consulting positions prior to joining CloudPassage. Previously, Williams was the Director of Emerging Security Technologies and CTO for mobile computing at IBM, which acquired BigFix, an entperprise systems and security management company where Wiliams was CTO. Prior to BigFix, Williams was a research director in the Information Security and Risk Research Practice at Gartner, Inc. where he covered vulnerability and threat management, network security, security information and event management, risk management, and secure application development. Before IBM, Williams was a director of engineering for nCircle Network Security, and undertook leadership positions at Consilient Inc., Network Associates, and McAfee Associates, where he worked to develop market leading security and systems management solutions.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.