To anyone who has been paying attention, this isn’t as much of a surprise, as it is a confirmation of the ongoing tenuous condition of enterprise cybersecurity but a just-released survey from specialty insurer Hiscox shows that roughly three-quarters of the 4,100 organizations surveyed face significant shortcomings when it comes to cybersecurity.
Is this cloud security Nirvana?
While many organizations moved to the cloud to try to simplify their IT management, including improve security, they’re learning that it’s not as simple as “shift applications to the cloud and watch the magic happen.”
In a report published by the U.S. Departments of Commerce and Homeland Security concluded what most security professionals have known for years: that botnets are a global threat, that technologies exist to mitigate the threats but aren’t widely used for multiple reasons, poor product security design and development, counter-productive market incentives, and low education and awareness across all market participants.
With another year of too many high profile, and quite frankly avoidable, data breaches under our belts, it’s time to take a look forward and identify areas where you may be able to improve your security program and hopefully become more efficient and reduce risk more effectively.
It’s not always the bad guys that sabotage enterprise security efforts, sometimes organizations do that all on their own.
When it comes to enterprise security, cloud was supposed to help simplify security efforts. But it didn’t turn out that way. Today, the typical large enterprise has its legacy environments, public clouds, private clouds, private hosted clouds, and various hybrid flavors of each to secure. And within those systems applications are becoming containerized, and broken into many different discrete services. All of this is not only fundamentally changing the way enterprises must secure their environments, but also significantly increasing the complexity in doing so.
Many cybersecurity organizations are of the opinion that threat intelligence can prevent, or if not prevent entirely at least lessen, the impact of successful breaches.
When it comes to insider threats, the nature of the threats is largely the same regardless of the computing environment, such as whether the data and apps reside on-premises, public cloud, or provide cloud — the risk of data exfiltration, data destruction, theft, and similar is ever-present.
Software containers are among the hottest aspects of enterprise technology right now. Sure, containers help enterprises save budget through, just like virtualization, the improvement of hardware density. But that’s not really why enterprises are turning to containerization. It’s how application containers bring to modern cloud environments improved manageability and the ability to deploy applications as discrete functions that can be used at will and reused elsewhere in the environment, wherever needed, as a service.
There’s no doubt that enterprises are embracing cloud computing, but not-so-surprising that enterprises repeatedly say that they need heightened visibility and security management capabilities so they can more effectively deploy applications, defend against cyberattacks, and mitigate regulatory compliance risks, a recent survey found.
Business Insights readers are certainly well aware of the sorry state of connected medical device security. We’ve covered it in posts such as St. Jude Takes Steps to Secure Vulnerable Medical Implants and U.S. DHS and FDA Face Medical Device Security Woes. In the later post we covered how the FDA is working to foster a culture of continuous quality improvement.
