When your customers face a security breach, how will you respond to them? Have you prepared your customer for the inevitable?
At Arrow Technology Summit August 22 – 24, technology security experts from Arrow, Gemalto and Forcepoint participated in a panel discussion to answer just these questions. The discussion centered around how to make security a business-enabler instead of a threat.
“The first thing customers need is a plan. Secondly, they need to test the plan. And, finally, they need to rewrite the plan when they discover their first plan didn’t work,” said Richard Ford, Forcepoint chief scientist.
“In addition to a well-thought-out plan,” said Todd Moore, senior vice president of encryption and data protection business at Gemalto, “it all comes down to people, devices and the data itself.” Moore stressed that customers need to know who is on their network, why they are there, what they are doing and making sure people have simple access to get their work done.
Ford indicated that it all depends on each organization’s risk appetite and thinks the risk management issue is what it’s all about. “We are there to make certain people are safe and the business continues. We enable the business,” Ford stated. “It’s not about stopping unpleasant things from happening. It’s about enabling the business to enter new markets.”
“Security is a hard thing to accomplish,” said Davitt Potter, director of Arrow’s global practices team. “Over the past couple of years there are things we have done very well, and of course there’s room for improvement.”
Today, when Ford talks to boards of directors, they are well-informed and security and he feels that is a major improvement. They understand that security is a business enabler. “But, there are still the basics like user names and passwords that continue to be used when there are much better ways to authenticate users,” said Ford.
So where are the breaches happening? Moore says the first breach category is someone getting credentials and escalating them or using them to access a database of critical data. The second breach category falls into data protection. “This is when someone gets access to a database, a file or storage that is not encrypted so it’s not protected. Using multi-factor authentication for all businesses is a simple solution.”
Another area of concern expressed by the audience is ransomware, which is a malicious form of software that takes over your computer and demands a ransom by denying you access to your data. “We always go back with our clients to the discussion of policies, procedures, and how they are backing up and protecting their data,” said Moore. “There are policies that can be put in place to protect your organization against a ransomware attack. I think many organizations have closed the gaps in their systems because of ransomware.”
Cloud security is also top-of-mind for customers. “As companies move more data and applications to the cloud, they want to be sure their cloud-borne data is secured,” said Ford. Many firms rely on their CSPs to implement key management and data encryption within their service offering. “The best way to protect data as it moves to the cloud is to protect it before it leaves your premise,” Moore explained. “As you move data to the cloud, be sure you can audit and log it so you can track the data to be sure you can get it back sometime in the future.”
Security is a top concern and a huge challenge for organizations of all sizes. It’s not a matter of “if” a breach will occur, but “when” it will occur and how you will be prepared. View this Arrow Technology Summit panel discussion in its entirety today and learn what you need to do when the inevitable happens!