Fear Hackers? First invest in an IT security culture change

January 14, 2015 / G C Network / Comments Off on Fear Hackers? First invest in an IT security culture change

Ambient Awareness. The cloud killer app?

By G C Network | September 10, 2008

Ambient Awareness: the ability to acquire, process, and act upon application specific contextual information, taking the current user preferences and state of mind into account. In the September 5th New…

The Cloud Wins in Minneapolis at the RNC!

By G C Network | September 9, 2008

Little did I know that while I was watching the Republicans cheer their standard bearer inside the Xcel Energy Center that the cloud infrastructure was outside defeating the forces of…

Cloud Computing vs. Virtualization

By G C Network | September 8, 2008

Yesterday, Reuven Cohen in ElasticVapor, provided an excellent post on the title subject. I’d like to “second his emotion” and, for my audience, add that cloud computing technologies and techniques…

Government Technology Cloud Recommendations

By G C Network | September 5, 2008

Recommendation on the cloud from Government Technology: No. 1: Educate your team about cloud computing. Don’t just ignore this topic as hype – the future is in this direction. Go…

Cloud Computing: A pay-by-consumption scalable service

By G C Network | September 4, 2008

John Edwards (not the Senator) of Computerworld sees cloud computing as a “…pay-by-consumption scalable service that’s usually free of long-term contracts and is typically application- and operating system-independent”. His recent…

Cloud Computing Dictionary

By G C Network | September 4, 2008

Geva Perry will be presenting at the October 8th SOA-R event. Before attending, you may want to visit his cloud computing dictionary to catch up on the current cloud computing…

Google Launches Chrome: Desktop-centric to Network-centric

By G C Network | September 3, 2008

According to Nicholas Carr, “Chrome is the first cloud browser”. If you’re not familiar with Chrome, this application is Google’s entry into the browser wars. In his blog, Mr. Carr…

Boeing Gives Up On Interoperable Modelling and SimulationNnetworks

By G C Network | September 3, 2008

Last week a Flightglobal article reported on the softening of Boeing’s stance on the need to establish standards for networking protocols across the US and global defence industry. Citing the…

Cisco: A Cloud Computing Company?

By G C Network | September 2, 2008

Yes Cisco ! Red Herring’s report on Cisco’s acquisition of PostPath last week presents a strong case for this. If finalized, PostPath would become Cisco’s fifteenth acquisition in less than…

Cloud Computing at top of Hype Cycle

By G C Network | August 29, 2008

Computerworld reports that Gartner see cloud computing as being at the top of the hype cycle. They have also settled on a definition: “a style of computing where massively scalable…

by
Kevin L.Jackson

 With all the news these days about cyberterrorism and hacking the cloud may seem like the last place you would want to put your precious information. Pew Research has even suggested that cyber-attacks are likely to increase. Some 61% of over 1600 security expert respondents to a recent survey said “yes” that a major attack causing widespread harm would occur by 2025,according to the Pew Research study. The cold hard fact, however, is that fear of the cyberterrorist and hackers, while definitely valid, is mostly misplaced.  I hold this contrarian view, because when you pull back the curtain on many of the recent breaches, you’ll likely see a mirror!

In a recent case, sensitive data including passwords seem to have been stored in the clear which is against all recommended best practices. There also may have been significant involvement from a company insider.  Focusing on application hacks, some of the most devastating have been due to a failure of the application developers to follow some basic best practices for application development.  Another important fact is that most of these breaches were not on cloud service providers.  These successful attacks were on enterprise built and managed IT infrastructures.

Our failure to protect our information and data is mostly due to our less than focused attitude towards cybersecurity.  Policies, procedures and processes play an important part in preventing security incidents but more is needed.  Every organizational employee must realize that they could be an entry point for hackers and be aware of their individual actions.  IT professionals must follow industry standard best practices for application development, network configuration, system configuration, etc. Many of which have gone through multiple iterations over the years. Everyone must also be proactive in their identification and response to cyber threats.  What I am describing is the need for a cultural change.

Creating a risk-conscious and security-aware culture is key to protecting an organization’s information infrastructure and data assets, risk management expert John P. Pironti wrote in 2012 ISACA Journal article. Business leaders must begin viewing information security as a benefit, rather than as an obstacle, and employ threat and vulnerability analysis – rather than fear and doubt – to drive adoption of points of view and controls

So let us first focus on changing our IT security culture. That will give us the edge we need in order to prevail over the cyber underworld.  We also must adopt a “trust-but-verify approach to monitoring and oversight of organizational and employee activities”. This would involve the adoption and expansion of automated security control point monitoring and reporting.  This, in fact, is a strength of any well designed and implemented cloud computing platform.

(This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. To learn more about tech news and analysis visit Tech Page One. Dell sponsored this article, but the opinions are our own and don’t necessarily represent Dell’s positions or strategies.)

Cloud Musings

( Thank you. If you enjoyed this article, get free updates by email or RSS – © Copyright Kevin L. Jackson 2012)

Follow me at https://Twitter.com/Kevin_Jackson
Posted in

G C Network

Cloud Computing

Cybersecurity