Cisco VP: Move security closer to data
Security systems are typically concerned with protecting the perimeter. Firms establish defenses around the endpoints to systems, confident that they can keep hackers out and thus prevent damage. According to Computing, Chris Young, senior vice president of security and government with Cisco, believes that the actuality of modern security is more complicated. He encouraged companies to abandon their "castle and moat" approach and learn to protect resources themselves more directly.
Moving the defenses
Computing reported that Young told a press roundtable group that the mentality based on firewalls and preventing access to systems has become outdated. He suggested that companies can place IT security systems within those protective walls, using processes to monitor the operation of their processes and take action when those functions observe a strange action.
Young explained that a new generation of hackers have found subtle new ways to infiltrate companies' systems, using social engineering rather than brute force. These cybercriminals can dodge firewalls and cause havoc, with unfettered access to corporate data storage. Armed with stolen credentials, they are significantly harder to stop than traditional hackers trying to break into the network.
"A lot of these attackers are going onto social media sites and studying users," he said, according to the source, "figuring out who are the network administrators in an enterprise and targeting those administrators so they can get access to sensitive credentials."
Young also told the roundtable that companies need to worry about BYOD. Recent data gathered by the Cloud Security Alliance supports that point. Among the over 200 IT workers surveyed, the risk of lost or stolen devices reigned over any other concern. Patrick Harding of Ping Identity commented on the data, stating that firms need to protect the hardware brought by employees as aggressively as they defend company-issued phones and tablets.