Mobile and cloud security issues continue to plague us all, while the old threat of insiders seems to be riding a new wave of attention as the Snowden/NSA debacle still clamours for attention. Cyber attacks, be they bank fraud or APTs, remain confounding to many, while regulatory compliance mandates constantly vie for the attention of the masses.
The cloud and APT figure large in this issue, and while the metaphor of a cloud for off-site data storage works well to suggest something pervasive and all-encompassing, the analogy is less appropriate for cloud security. Clearly the characteristics that make cloud computing so useful – access to data and apps from anywhere, from any device, by anyone – are the same factors that pose challenges for the CISO.
Added into the mix are NSA backdoors, though as Jes Breslaw explains (page 34), even without PRISM, governments can demand access to your servers. Breslaw emphasises that companies can take a differentiated approach to data, suggesting it is key that organisations be able to mix and match between public, private or hybrid cloud deployments.
Certainly, the benefits of the cloud are such that the world is rapidly following US uptake. It is increasingly seen as particularly useful for disaster recovery and business continuity planning (page 24). This is especially so for SMEs, which find it more difficult to justify on-premises resources. The need to constantly update to overcome new threats remains, and in IQ (page 6) we advise on how you should assess cloud security. At Birmingham Metropolitan College (page 12), the solution is IBM's SmartCloud environment, used to deliver services within a seamless learning ecosystem, with security a priority in implementation.
Paul Swarbrick, former CISO at NATS, explains that there are changing demands on the role from employers (page 14). CISOs are moving from being reactive to proactive as the role transitions from operational to more management and control, and from being primarily networking specialists to understanding and advising on both technical and business security issues to reduce risk.
Moving up the risk charts are APTs – advanced persistent threats – where the challenge is to get the right balance between threat protection and cost (page 20). However, the danger is real and there are actions that can be taken to reduce vulnerability, which need to be clearly explained to management.
Despite the sometimes challenging times we face, we can always look to new beginnings to bolster us. One such happy turn is the arrival of SC UK's editor-in-chief Tony Morbin. A seasoned journalist, Tony will help re-energise our various editorial products. You can find out more about him on our website and, no doubt, will get to know him as he starts reaching out to all of you.
Illena Armstrong, VP, editorial, SC Magazine