Fear Hackers? First invest in an IT security culture change

January 14, 2015 / G C Network / Comments Off on Fear Hackers? First invest in an IT security culture change

SOA is Dead; Long Live Services

By G C Network | January 7, 2009

Blogger: Anne Thomas ManesObituary: SOA“SOA met its demise on January 1, 2009, when it was wiped out by the catastrophic impact of the economic recession. SOA is survived by its…

2009 – The Year of Cloud Computing!

By G C Network | January 6, 2009

Yes, everyone is making this bold statement. In his article, David Fredh laid out the reasons quite well: The technological hype has started already but the commercial breakthrough will come…

Salesforce.com and Google expand their alliance

By G C Network | January 5, 2009

In a Jan. 3rd announcement, Salesforce.com announced an expansion of its global strategic alliance with Google. In announcing the availability of Force.com for Google App Engine™, the team has connected…

December NCOIC Plenary Presentations

By G C Network | December 31, 2008

Presentations from the NCOIC Cloud Computing sessions held earlier this month have been posted on-line in the Federal Cloud Computing wiki. The event featured speakers from IBM, Cisco, Microsoft, HP,…

Booz|Allen|Hamilton Launches “Government Cloud Computing Community”

By G C Network | December 30, 2008

As a follow-up to a Washington, DC Executive Summit event, BoozAllenHamilton recently launched an on-line government cloud computing collaboration environment. In an effort to expand the current dialog around government…

Is Google Losing Document?

By G C Network | December 29, 2008

John Dvorak posted this question on his blog Saturday and as of Sunday evening had 52 responses! This is not a good thing for building confidence in cloud computing. Or…

Cryptographic Data Splitting? What’s that?

By G C Network | December 26, 2008

Cryptographic data splitting is a new approach to securing information. This process encrypts data and then uses random or deterministic distribution to multiple shares. this distribution can also include fault…

Now really. Should the Obama administration use cloud computing?

By G C Network | December 23, 2008

It’s amazing what a little radio time will do! Since Sunday’s broadcast, I’ve been asked numerous times about my real answer to the question “Will ‘Cloud Computing’ Work In White…

NPR “All Things Considered” considers Government Cloud Computing

By G C Network | December 21, 2008

My personal thanks to Andrea Seabrook, Petra Mayer and National Public Radio for their report “Will ‘Cloud Computing’ Work In White House?” on today’s “All Things Considered”. When I started this blog…

HP Brings EDS Division into it’s cloud plans

By G C Network | December 18, 2008

The Street reported earlier this week that Hewlett Packard’s EDS division has won a $111 million contract with the Department of Defense (DoD) that could eventually support the U.S. military’s…

by
Kevin L.Jackson

 With all the news these days about cyberterrorism and hacking the cloud may seem like the last place you would want to put your precious information. Pew Research has even suggested that cyber-attacks are likely to increase. Some 61% of over 1600 security expert respondents to a recent survey said “yes” that a major attack causing widespread harm would occur by 2025,according to the Pew Research study. The cold hard fact, however, is that fear of the cyberterrorist and hackers, while definitely valid, is mostly misplaced.  I hold this contrarian view, because when you pull back the curtain on many of the recent breaches, you’ll likely see a mirror!

In a recent case, sensitive data including passwords seem to have been stored in the clear which is against all recommended best practices. There also may have been significant involvement from a company insider.  Focusing on application hacks, some of the most devastating have been due to a failure of the application developers to follow some basic best practices for application development.  Another important fact is that most of these breaches were not on cloud service providers.  These successful attacks were on enterprise built and managed IT infrastructures.

Our failure to protect our information and data is mostly due to our less than focused attitude towards cybersecurity.  Policies, procedures and processes play an important part in preventing security incidents but more is needed.  Every organizational employee must realize that they could be an entry point for hackers and be aware of their individual actions.  IT professionals must follow industry standard best practices for application development, network configuration, system configuration, etc. Many of which have gone through multiple iterations over the years. Everyone must also be proactive in their identification and response to cyber threats.  What I am describing is the need for a cultural change.

Creating a risk-conscious and security-aware culture is key to protecting an organization’s information infrastructure and data assets, risk management expert John P. Pironti wrote in 2012 ISACA Journal article. Business leaders must begin viewing information security as a benefit, rather than as an obstacle, and employ threat and vulnerability analysis – rather than fear and doubt – to drive adoption of points of view and controls

So let us first focus on changing our IT security culture. That will give us the edge we need in order to prevail over the cyber underworld.  We also must adopt a “trust-but-verify approach to monitoring and oversight of organizational and employee activities”. This would involve the adoption and expansion of automated security control point monitoring and reporting.  This, in fact, is a strength of any well designed and implemented cloud computing platform.

(This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. To learn more about tech news and analysis visit Tech Page One. Dell sponsored this article, but the opinions are our own and don’t necessarily represent Dell’s positions or strategies.)

Cloud Musings

( Thank you. If you enjoyed this article, get free updates by email or RSS – © Copyright Kevin L. Jackson 2012)

Follow me at https://Twitter.com/Kevin_Jackson
Posted in

G C Network

Cloud Computing

Cybersecurity