Cisco's John Chambers' security storm
As you might have heard, Cisco chairman and CEO John Chambers has been kicking up a security storm recently. During his keynote address at the annual RSA security conference in San Francisco last week, Chambers commented that cloud computing is set to be a major security problem.
He predicts the integration of data, voice, and video will become a normal way of life, but warns this could be a "security nightmare." Here's my two pesos worth on the situation.
Every new technology brings new challenges, not the least of which are security issues. Now, the usual problem with military generals is that they are often fighting the last war and not the one to come. However, in this case, the old and tested ways (of security) are still appropriate, and they are relatively independent of technology. The unchanged security principles are:
1. Know where your sensitive information is located, whether it be in the cloud or on an unknown local server.
2. Control access to that information. You must be able to identify the people or systems that access it (authentication), and ensure they have proper permission to read or change the data (authorization). The more sensitive the data, the more rigorous the authentication and authorization processes must be.
3. Take steps to ensure sensitive information is always protected from prying eyes by encrypting it appropriately when it is in transit across security zones, for example, from a secure data center across the Internet ("the Wildest West").
4. Build information risk management into the culture of the organization. Security is much more than a few technical point solutions, such as a firewall or intrusion detection device. It is everyone's responsibility, especially executive management.
5. Always be alert for "Black Swans," those unexpected or "unlikely" events that can be career- and business-limiting. That means always assume that the security defenses might be vulnerable to a new threat -- external or internal. So never rest on your laurels, and continually test and challenge the security decisions.
6. If any sensitive information is to be outsourced -- whether to a cloud computing vendor or any other service provider -- apply the same rules of information protection as if the data were in-house, with the added proviso of proper legal and contractual protection.
With these standard practices in place, your organization will be set to take on whatever the future of computing holds, wherever that might be.


1 comment:
Brilliant topic, and very logical recommendations. But I can't help but snicker about Chambers picking this topic -- security remains one of the most lucrative places for any tech vendor today. With his network equipment profits going down, no doubt Cisco will be selling more piece-o-mind security software. Ha!