Introducing The SBIC Blog — Strategic Guidance from Global Security Executives

Imagine if you had regular access to a group of top-notch advisors – security leaders from some of the world’s largest brand-name companies – to help you build your security strategies? Companies like Coca-Cola, FedEx, Intel, Johnson & Johnson, JPMorgan Chase, SAP and Walmart. For the last five years, the Security for Business Innovation Council (SBIC) has been publishing reports which deliver actionable recommendations from some of the world’s most accomplished security leaders. Given the immense challenges in information security today, we know that practitioners are hungry for more guidance based on real-world experiences and lessons learned. This new SBIC blog provides increased access to Council members’ valuable insights.

Securing the Mobile Enterprise

We are seeing a fundamental shift in the way IT is consumed, and subsequently secured, and it’s mostly driven by mobile. The recent SBIC report, “Realizing the Mobile Enterprise: Balancing the Risks and Rewards of Consumer Devices,” highlights these shifts. There are a number of trends around mobility that make it a distinctly different and new security challenge to consider

Mobile Risks and the Enterprise

I have worked on mobile security strategy for RSA for the last two years now, and during that tenure the market continues to evolve and move at a rapid pace, which no doubt is putting more stress and uncertainty into the minds of security professionals. But, just the other day I saw a graphic in Computerworld that really summed up the entire mobility movement. Take a look:

The “Dynamic Tower”: Security as a Process

The Security for Business Innovation Council report published last month lays out a roadmap for responding “When Advanced Persistent Threats Go Mainstream” (as the report title puts it). One of the most important recommendations in that report is captured by Roland Cloutier, VP and CSO of ADP Inc, when he says: “you have to have the resources and a process for risk decision-making that enable rapid changes to your protection platform.” That is, the roadmap in the report doesn’t lead to a static, unchanging security monolith. It’s a model for a process that builds dynamism into security, not unlike the architectural model of the Dynamic Tower that David Fisher has designed for Dubai.

IT Security in the Age of APTs

In January 2010, at the turn of the decade, I wrote the following lines in my blog: “It will be an interesting decade from a cybercrime perspective. Employees are one of the weakest links in corporate security… The current defenses cannot suffice, and the industry must think of a new defense doctrine.” A lot of folks in the security space raised an eyebrow.

Regulation Proliferation: Don’t Get Caught Flat Footed

Dime con quién andas y te diré quién eres -Spanish Proverb: “A man is known by the company he keeps”

“Those who cannot remember the past are condemned to repeat it.” -George Santayana

Don’t get caught flat footed by the way regulations are changing, demanding, costly and sweeping the world. Better yet, don’t get squashed…