Fear Hackers? First invest in an IT security culture change

January 14, 2015 / G C Network / Comments Off on Fear Hackers? First invest in an IT security culture change

Federal Cloud Computing Strategy Officially Launched

By G C Network | February 14, 2011

Federal CIO Vivek Kundra officially launched the Federal Cloud Computing Strategy today. While this is clearly not new news, the document does state the government’s position in a very succint manner.…

GEOINT’s Future is in the Cloud

By G C Network | January 31, 2011

Recently, Geospatial Intelligence Forum Magazine asked me for my thoughts on the role of cloud computing in the future of geospatial intelligence.My response was recently published in their December 2010…

eTechSuccess: Patterns of Success – Kevin Jackson

By G C Network | January 27, 2011

 My sincere appreciation to John Baker for the eTechSuccess: Patterns of Success interview. John and I worked together IBM as part of the Wireless Emerging Business Organization. His team and…

USBE&IT Winter Issue Focuses on Cyber Security

By G C Network | January 19, 2011

Thank You USBE&IT Publisher Mr Tyrone Taborn for such an inspiring issue and my sincere appreciation to Mr. Frank McCoy for my inclusion in his list of Cyber visionaries! The Homeland…

Global GovCloud with Cisco and VCE

By G C Network | January 18, 2011

Last week I had the awesome experience of participating in a global telepresence conference on government cloud computing. Joining me as presenters were Blake Salle, Senior Vice President of VCE,…

NIST Cloud Computing Collaboration Twiki Launches

By G C Network | December 30, 2010

Today I received my credentials for the NIST Cloud Computing Collaboration Site. “The National Institute of Standards and Technology (NIST) has been designated by Federal Chief Information Officer Vivek Kundra…

GovCloud Predicitons for 2011

By G C Network | December 30, 2010

Happy New Year All!! 2011 will be the breakout year for GovCloud! Pressure to reduce budget, pressure to manage I resources better and the political pressure of the next presidential…

Vivek Kundra Unveils 25-Point IT Management Reform Program

By G C Network | December 10, 2010

Yesterday the US Federal CIO, Vivek Kundra, unveiled an ambitious 25-point implementation plan for delivering more value to the American taxpayer. This plan focuses on execution and is designedto establish…

GSA and Unisys/Google Marks GovCloud Watershed

By G C Network | December 4, 2010

As widely reported this week, the United States General Services Administration (GSA) has awarded a contract to Unisys to create a secure cloud-based email and collaboration platform. The solution will…

NIST Moves Forward on Cloud Computing

By G C Network | November 8, 2010

Last week the National Institute of Standards and Technology (NIST) held their second Cloud Computing Forum and Workshop. Skillfully shepherded by Ms. Dawn Leaf, the agency’s senior executive of cloud computing,…

by
Kevin L.Jackson

 With all the news these days about cyberterrorism and hacking the cloud may seem like the last place you would want to put your precious information. Pew Research has even suggested that cyber-attacks are likely to increase. Some 61% of over 1600 security expert respondents to a recent survey said “yes” that a major attack causing widespread harm would occur by 2025,according to the Pew Research study. The cold hard fact, however, is that fear of the cyberterrorist and hackers, while definitely valid, is mostly misplaced.  I hold this contrarian view, because when you pull back the curtain on many of the recent breaches, you’ll likely see a mirror!

In a recent case, sensitive data including passwords seem to have been stored in the clear which is against all recommended best practices. There also may have been significant involvement from a company insider.  Focusing on application hacks, some of the most devastating have been due to a failure of the application developers to follow some basic best practices for application development.  Another important fact is that most of these breaches were not on cloud service providers.  These successful attacks were on enterprise built and managed IT infrastructures.

Our failure to protect our information and data is mostly due to our less than focused attitude towards cybersecurity.  Policies, procedures and processes play an important part in preventing security incidents but more is needed.  Every organizational employee must realize that they could be an entry point for hackers and be aware of their individual actions.  IT professionals must follow industry standard best practices for application development, network configuration, system configuration, etc. Many of which have gone through multiple iterations over the years. Everyone must also be proactive in their identification and response to cyber threats.  What I am describing is the need for a cultural change.

Creating a risk-conscious and security-aware culture is key to protecting an organization’s information infrastructure and data assets, risk management expert John P. Pironti wrote in 2012 ISACA Journal article. Business leaders must begin viewing information security as a benefit, rather than as an obstacle, and employ threat and vulnerability analysis – rather than fear and doubt – to drive adoption of points of view and controls

So let us first focus on changing our IT security culture. That will give us the edge we need in order to prevail over the cyber underworld.  We also must adopt a “trust-but-verify approach to monitoring and oversight of organizational and employee activities”. This would involve the adoption and expansion of automated security control point monitoring and reporting.  This, in fact, is a strength of any well designed and implemented cloud computing platform.

(This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. To learn more about tech news and analysis visit Tech Page One. Dell sponsored this article, but the opinions are our own and don’t necessarily represent Dell’s positions or strategies.)

Cloud Musings

( Thank you. If you enjoyed this article, get free updates by email or RSS – © Copyright Kevin L. Jackson 2012)

Follow me at https://Twitter.com/Kevin_Jackson
Posted in

G C Network

Cloud Computing

Cybersecurity