Fear Hackers? First invest in an IT security culture change

January 14, 2015 / G C Network / Comments Off on Fear Hackers? First invest in an IT security culture change

Cloud Services Brokerage: Adding Trust and Oversight to Complex Cloud Deals

By G C Network | September 15, 2014

According to the Gartner IT Glossary, “Cloud services brokerage (CSB) is an IT role and business model in which a company or other entity adds value to one or more…

Learn Hadoop and Big Data in 7 Minute Flat!

By G C Network | September 13, 2014

How do I install Hadoop, and on what platforms? What are the differences between versions of Hadoop? How do I Extract, Transform and Load in Hadoop? The answers to these…

Tech Equity & GovCloud Network Team For Cloud Education

By G C Network | August 25, 2014

GovCloud Network is proud to announce that we have teamed with Tech Equity Ltd to deliver cloud education and training on a global basis. With this partnership, GovCloud Network will…

National Cybersecurity = Cloud Computing Security

By G C Network | August 13, 2014

A recent article Inc.com article claimed that the percentage of U.S. small businesses using cloud computing is expected to more than double during the next six years, from 37 percent…

Vets 360 Sponsoring Service Members To Attend Gartner Catalyst Conference

By G C Network | August 5, 2014

Veterans 360 will be attending the Gartner Catalyst Conference. They are also sponsoring the attendance of active duty service members that are currently in the US military and serving in…

ERPGovCloud: Your Path to DCAA Compliance

By G C Network | July 28, 2014

So you won your first Government Contract… Congratulations!  Among the new issues you will need to consider, your accounting systems, both practices and technology, will need to pass muster with…

GovCloud Media Network Feature: Army IT Playlist

By G C Network | July 17, 2014

The GovCloud Media Network features agency specific video playlist for registered members. Please enjoy this feature on the Army IT. Please visit the new GovCloud Network Media Library for more…

Security & Defense People Launches – Use “GovCloud” for 50% Discount

By G C Network | June 28, 2014

This is quite an unusual post for me but I would like to congratulate GovCloud Network partner SDP Networks on their launch of the Security & Defense People website! Security…

The Cloud Credential Council releases Executive FedRAMP certification course with leading government cloud expert Kevin L. Jackson.

By G C Network | June 23, 2014

Palo Alto, USA – June 23rd, 2014 – Addressing the global cloud skills gap is the number one priority to help accelerate the successful adoption of Cloud, according to the Cloud…

Learning Tree’s Expert Cloud Instructor Kevin Jackson Announces Multiple Speaking Engagements

By G C Network | June 22, 2014

(Reposted from LearningTree’s “Perspectives on Cloud Computing” at https://cloud-computing.learningtree.com/2014/06/12/expert-learning-tree-cloud-instructor-kevin-jackson-announces-multiple-speaking-engagements ) Kevin Jackson, a certified Learning Tree cloud computing instructor and Learning Tree Cloud Computing Curriculum Initiative Manager, is set to…

by
Kevin L.Jackson

 With all the news these days about cyberterrorism and hacking the cloud may seem like the last place you would want to put your precious information. Pew Research has even suggested that cyber-attacks are likely to increase. Some 61% of over 1600 security expert respondents to a recent survey said “yes” that a major attack causing widespread harm would occur by 2025,according to the Pew Research study. The cold hard fact, however, is that fear of the cyberterrorist and hackers, while definitely valid, is mostly misplaced.  I hold this contrarian view, because when you pull back the curtain on many of the recent breaches, you’ll likely see a mirror!

In a recent case, sensitive data including passwords seem to have been stored in the clear which is against all recommended best practices. There also may have been significant involvement from a company insider.  Focusing on application hacks, some of the most devastating have been due to a failure of the application developers to follow some basic best practices for application development.  Another important fact is that most of these breaches were not on cloud service providers.  These successful attacks were on enterprise built and managed IT infrastructures.

Our failure to protect our information and data is mostly due to our less than focused attitude towards cybersecurity.  Policies, procedures and processes play an important part in preventing security incidents but more is needed.  Every organizational employee must realize that they could be an entry point for hackers and be aware of their individual actions.  IT professionals must follow industry standard best practices for application development, network configuration, system configuration, etc. Many of which have gone through multiple iterations over the years. Everyone must also be proactive in their identification and response to cyber threats.  What I am describing is the need for a cultural change.

Creating a risk-conscious and security-aware culture is key to protecting an organization’s information infrastructure and data assets, risk management expert John P. Pironti wrote in 2012 ISACA Journal article. Business leaders must begin viewing information security as a benefit, rather than as an obstacle, and employ threat and vulnerability analysis – rather than fear and doubt – to drive adoption of points of view and controls

So let us first focus on changing our IT security culture. That will give us the edge we need in order to prevail over the cyber underworld.  We also must adopt a “trust-but-verify approach to monitoring and oversight of organizational and employee activities”. This would involve the adoption and expansion of automated security control point monitoring and reporting.  This, in fact, is a strength of any well designed and implemented cloud computing platform.

(This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. To learn more about tech news and analysis visit Tech Page One. Dell sponsored this article, but the opinions are our own and don’t necessarily represent Dell’s positions or strategies.)

Cloud Musings

( Thank you. If you enjoyed this article, get free updates by email or RSS – © Copyright Kevin L. Jackson 2012)

Follow me at https://Twitter.com/Kevin_Jackson
Posted in

G C Network

Cloud Computing

Cybersecurity