Fear Hackers? First invest in an IT security culture change

January 14, 2015 / G C Network / Comments Off on Fear Hackers? First invest in an IT security culture change

International Public Sector Cloud Computing Summit in DC

By G C Network | March 7, 2012

Next week at the Hyatt Regency in reston, Virginia, the Cloud Standards Customer Council will be holding it’s Public Sector Cloud Summit. This two day cloud event will feature international public sector Cloud…

Jill T. Singer, NRO CIO, Named One of 10 Top Women in Cloud Computing !!

By G C Network | February 17, 2012

CONGRATULATIONS to National Reconnaissance Office (NRO) CIO Jill T. Singer for being selected as one of the 10 winners of the first annual CloudNOW awards presented at the Cloud Connect Conference in…

NJVC® and Virtual Global Announce Release of PaaS White Paper: Paper Clarifies the Confusion Surrounding PaaS for Federal IT Buyers—Why It Is Important and How It Can Cut Development Costs by 50 Percent

By G C Network | January 27, 2012

VIENNA, Va., Jan. 23, 2012 —NJVC®, one of the largest information technology solutions providers supporting the U.S. Department of Defense, and Virtual Global, a premier provider of software and cloud…

December 2011: GovCloud Moves From Policy to Law

By G C Network | December 27, 2011

Over the past years, government cloud computing has steadily moved forward from it’s early beginnings as an interesting curiosity: December 23, 2008 – Now really. Should the Obama administration use…

GovCloud.com !! The New Hub for Government Cloud Computing

By G C Network | November 17, 2011

It gives me great pleasure to announce the relaunch of GovCloud.com! GovCloud is the “go to” place for everything related to federal cloud computing. Our mission is to help federal…

Backupify Names Top 10 Cloud Computing Experts to Follow on Twitter

By G C Network | November 15, 2011

THANK YOU BACKUPIFY!!!! Thank you for the honor of being on your Top 10 List! Backupify is the leading backup provider for cloud based data, offering an all-in-one archiving, search…

NJVC® Cloud Computing Expert Kevin Jackson to Speak at NIST Cloud Computing Forum & Workshop IV on Nov. 3 in Gaithersburg, Md.

By G C Network | October 29, 2011

VIENNA, Va., Oct. 28, 2011 — NJVC®, one of the largest information technology solutions providers supporting the U.S. Department of Defense (DoD) , is pleased to announce that Kevin Jackson,…

NJVC® General Manager, Cloud Services, Kevin Jackson to Moderate “Cloud Computing and the Intelligence Mission” Panel at GEOINT 2011 Symposium

By G C Network | October 18, 2011

Vienna, Va., Oct. 13, 2011 — NJVC® , one of the largest information technology (IT) solutions providers supporting the U.S. Department of Defense, is pleased to announce that Kevin Jackson,…

NJVC® Spotlights Cyber Security and Automated IT at Gartner Symposium/ITxpo® 2011

By G C Network | October 14, 2011

VIENNA, Va., Oct. 4, 2011 — NJVC®, one of the largest information technology solutions providers supporting the Department of Defense, announces its lineup for the Gartner Symposium/ITxpo®, Oct. 16 –…

NJVC® to Demonstrate Enterprise Automation at GEOINT 2011

By G C Network | October 10, 2011

VIENNA, Va., Oct. 6, 2011 — NJVC®, one of the largest information technology solutions (IT) providers supporting the U.S. Department of Defense (DoD), is pleased to offer live, compelling demonstrations…

by
Kevin L.Jackson

 With all the news these days about cyberterrorism and hacking the cloud may seem like the last place you would want to put your precious information. Pew Research has even suggested that cyber-attacks are likely to increase. Some 61% of over 1600 security expert respondents to a recent survey said “yes” that a major attack causing widespread harm would occur by 2025,according to the Pew Research study. The cold hard fact, however, is that fear of the cyberterrorist and hackers, while definitely valid, is mostly misplaced.  I hold this contrarian view, because when you pull back the curtain on many of the recent breaches, you’ll likely see a mirror!

In a recent case, sensitive data including passwords seem to have been stored in the clear which is against all recommended best practices. There also may have been significant involvement from a company insider.  Focusing on application hacks, some of the most devastating have been due to a failure of the application developers to follow some basic best practices for application development.  Another important fact is that most of these breaches were not on cloud service providers.  These successful attacks were on enterprise built and managed IT infrastructures.

Our failure to protect our information and data is mostly due to our less than focused attitude towards cybersecurity.  Policies, procedures and processes play an important part in preventing security incidents but more is needed.  Every organizational employee must realize that they could be an entry point for hackers and be aware of their individual actions.  IT professionals must follow industry standard best practices for application development, network configuration, system configuration, etc. Many of which have gone through multiple iterations over the years. Everyone must also be proactive in their identification and response to cyber threats.  What I am describing is the need for a cultural change.

Creating a risk-conscious and security-aware culture is key to protecting an organization’s information infrastructure and data assets, risk management expert John P. Pironti wrote in 2012 ISACA Journal article. Business leaders must begin viewing information security as a benefit, rather than as an obstacle, and employ threat and vulnerability analysis – rather than fear and doubt – to drive adoption of points of view and controls

So let us first focus on changing our IT security culture. That will give us the edge we need in order to prevail over the cyber underworld.  We also must adopt a “trust-but-verify approach to monitoring and oversight of organizational and employee activities”. This would involve the adoption and expansion of automated security control point monitoring and reporting.  This, in fact, is a strength of any well designed and implemented cloud computing platform.

(This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. To learn more about tech news and analysis visit Tech Page One. Dell sponsored this article, but the opinions are our own and don’t necessarily represent Dell’s positions or strategies.)

Cloud Musings

( Thank you. If you enjoyed this article, get free updates by email or RSS – © Copyright Kevin L. Jackson 2012)

Follow me at https://Twitter.com/Kevin_Jackson
Posted in

G C Network

Cloud Computing

Cybersecurity