Complexity of IT systems is generally increasing. Complexity is the enemy of security. Generally speaking, the challenge is to keep systems secure while at the same time complexity is growing. Cloud computing makes the situation even more challenging for enterprises. The definition of the enterprise perimeter gets very blurry in the Cloud. Organisations must be adequately prepared to the new risks in the Cloud era.
Are there any areas of major security concern that you consider to be of grave importance but that customers often fail to see?
Our customers are generally very security aware and already operate on a high security level. We help them to further improve their protection and processes. Rarely do we detect major security holes the customer has never thought of.
To illustrate, typically, financial institutions we work with already have a robust security infrastructure in place to protect their outgoing channels like e-banking. However with Web 2.0, new threats have popped up that require new protections like a Web Application Firewall.
What is your general advice to organisations operating in a global market that is increasingly riskier and less secure?
IT security is a highly specialised business. My general advice is to get help from external professionals to bring in a fresh point of view and broad experience from real live cases in different IT security relevant fields.
Globally speaking, which industries or sectors have you found to be the most progressive when it comes information security, and which the least?
The necessary security level for a company largely depends on the possible risks that company is facing in case of a security incident. Thus, before investing into security solutions, a company should undertake an IT risk assessment.
Such an assessment answers questions like, What are the digital assets of the company? What data is critical, what data is not? What are the possible damages that the company would face in case of data loss, denial-of-service, or transaction fraud?
With such an IT risk assessment on hand, a company can then define which security systems and processes are appropriate.
Certain governmental agencies and financial institutions typically have large amounts of critical data and would potentially face severe problems in case of security incidents. Therefore governmental agencies and banks are our natural and traditional clients. But other industries like insurance companies are catching up.
Share with us how you came to the CEO's seat at AdNovum and how your engineering background has helped or hindered your development as a business leader.
I've been with AdNovum now for 14 years. I started out with the company as a software engineer, then became project manager and later COO of the then much smaller company. After heading our operation in Hungary for 4 years, I had the opportunity to take the CEO position of the AdNovum group.
Sign up for Computerworld eNewsletters.