Many of the good risk and compliance solutions are also very expensive, and few companies can afford them. We need a GRC solution that is easier to deploy and manage. As more CSOs partner with others and continue cloud adoption, GRC will be the tool of the future for managing risk, because they will have less and less direct control over their infrastructure.
5. We need visibility, control and protection for our data at all times.
This is about the DATA, not the device or outlet. So whether it is on a handheld, a tablet or in the cloud, we need to know where our data is, who is using it and when it is accessed, even if it was just created. We also need control of the data. This includes enabling data collaboration, knowing when it leaves our partners, and having a kill switch if our data is not in the right place. We should be thinking about our security program from the ground up.
6. We want to allow BYOD.
We want to enable the business by allowing BYOD, but most CIOs are not fans of mobile device management (MDM). They want security and data protection, but not necessarily to lock down or control the device. It makes it even harder when we get pressure from our executives to allow personal devices on the network. We need to be able to easily allow any device to access our network and data, but have full visibility and control of the data.
I believe the future is a hybrid of DLP and DRM mixed with virtual sessions. And for certain applications, data is then routed back into the data center. I do not believe the future is MDM. It just applies all the old ways of endpoint security to a new paradigm of mobile devices. It doesn't solve the real problem.
7. We NEED to stop spear phishing.
This is the number one way that most targeted attacks compromise users. Phishing may be an old method, but a researched, well-orchestrated, socially engineered lure is very effective. I have asked 200 CISOs, "How many of you feel confident you can stop a spear phish attack on your CEO?" Not one said they could. We have to think out of the box to solve this problem. The most successful way to solve it is by mixing science and the humanities together.
One great example is PhishMe.com. [Disclosure: I recently joined the executive board for PhishMe.] I've found that, depending on the technology and awareness in place, up to 70 percent of employees will click on a spear phish lure. Your security technology needs to be mixed with your awareness program, because 15 percent will still click.