Check Point Software Technologies’ head of global product marketing John Vecchi has three main areas that he calls the board-level trends in security.
They’re not necessarily the biggest threats, but they are the issues that are “explosive,” that C-level executives are bringing to the board room.
As a result, these are what the players in the IT security market should be considering when providing solutions to enterprise customers, Vecchi said in Toronto this week. “This should be the prism through which you look at your security vendor and your solution provider.”
Virtualization and the cloud
“Most CIOs are virtualizing,” Vecchi said. “Server environments are getting virtualized very quickly.”
“Mostly, they’re building private clouds,” he said. The main concern with the cloud is a lack of control, he said. “The sense of loss of control is pretty high.” According to a 2010 Morgan Stanley survey of CIOs, loss of control ranked as the highest concern at 80 per cent.
For those who still feel barriers to implementing server virtualization, “the biggest challenge is lack of security skills,” he said, along with a lack of security best practices within the company.
So, when companies ask Vecchi about best practices for these virtual and cloud environments, he tells them to “build it like they’re building automobiles- build it in.”
When the first Fords started coming off the production line, people just wanted them and only later asked if they were safe, he said. Now, the safety has to be built right in and the same can be said for virtualization and the cloud.
IT consumerization and the iPad explosion
“This is another board level issue, perhaps one of the biggest,” Vecchi said. “No matter any conversation I get into, this is usually the number one topic.”
The executives will likely go around the office asking employees why and how they use their devices, whether iPads, PlayBooks, Android phones or any other handheld consumer items, he said. Many enterprises are also issuing their own general purpose devices, he added. “The devices that [businesses] need to enable are all consumer devices.”
“Then they turn to IT and they want to make it secure and they become difficult to use,” he said. “The very reason that this trend is so explosive is that it’s their device. If you start locking it down like it’s a corporate device, you will extinguish the flame of the very reason why this is so explosive.”
Oftentimes, the phones or devices that employees carry to work actually do have encryption tools or other security instruments to prevent data loss, but companies don’t always have policies to turn them on and ensure they stay on, according to Vecchi.
And the proliferation of these devices is only getting stronger. The average number of devices used by each person for both work and play is four, he said. “It’s not just that everyone’s mobile, but they’re mobile times four.” “This is why it’s powerful… and this is why it’s hard,” he said.
Web 2.0 and the rise of apps
Similar to consumer devices, executives typically think that since Facebook, LinkedIn and Twitter are such powerful tools, everyone in the office should be using them to their advantage, Vecchi said.
Unfortunately, this means a lack of control all over again.
“What I say with applications is, it can’t be a light switch,” Vecchi said. In other words, IT can’t just turn on access to an application without any control. “It’s one thing to say I turned on Facebook, another to say it’s controlled,” he said, since users will suddenly also have access to things like FarmVille.
“You need to control them like a dimmer switch,” he said. Organizations need tools that allow them to vary who gets access to which applications. “You may have one policy for marketing that’s different from engineering,” Vecchi said. Those differences need to be clear and the distinctions need to be easy to implement.
“Everyone’s supporting consumer-style apps,” he said. Unfortunately, app developers’ main goal is typically rushing their product to market, and security isn’t built in, he added. “Bad guys are going to target applications,” he said.
User engagement as a solution
Most data loss and security problems that occur are accidental, he said. “You don’t have malicious users; they want to do the right thing.” “Engaging users today is going to go a long way,” Vecchi said. “It’s going to have the same effect as neighbourhood crime watch groups.”
Check Point itself offers its R75 network security suite as one option to help IT security teams consolidate their efforts and tackle these board-level trends and Vecchi said the company’s goal is for people to understand why these tools are in place.
“They need to not just be considered the cause of the problem.”
Browse our selection of new, free, tablet-friendly digital editions!