Welcome!

SDN Journal Authors: Yeshim Deniz, Liz McMillan, Elizabeth White, Pat Romanski, TJ Randall

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Article

What Today’s Hyperconnected World Means for the Enterprise Security

Thoughts on the Report from McKinsey

A newly released report from McKinsey & Company, Risk and Responsibility in a Hyperconnected World: Implications for Enterprises, highlights the findings of a year's worth of McKinsey research conducted in partnership with the World Economic Forum. Based on the interviews with over 200 enterprises and organizations the findings highlight the importance of protecting online proprietary data and information and puts forth 7 ideas for how to protect the enterprise.

The report first observes that with the rise of new and novel ways to access information via mobile devices, data security risks have dramatically increased. Despite the billions of dollars spent to secure data, cybercriminals have proven themselves to be a highly adaptable, sophisticated, well-funded crew, equipped to take advantage of any weaknesses in an enterprise's security technology. Recent examples of large breaches at Target and Adobe could potentially really just be the tip of the iceberg.

As I mentioned, the research sets forth seven practices for executives tasked with battling cybercriminals; here is the list with a few observations on each:

1. Prioritize information assets based on business risks.
At PerspecSys, we've long championed this idea as an important part of any cloud security strategy. It enables a smooth, risk-based strategy for protecting the corporation and helps prioritize IT activities on the most impactful security technologies/processes. It is amazing how quickly things can happen when risks are well understood (see #6 below). Which leads directly to the next tenet...

2. Provide differentiated protection based on importance of assets.
This is especially relevant when choosing where and how enterprises select their cloud computing environment (public, private or hybrid cloud) and what obfuscation technologies to deploy (tokenization, encryption, location and ownership of keys, etc.).

3. Deeply integrate security into the technology environment to drive scalability.
This strategy helps better protect assets while staying a step ahead of both cybercriminals and competition. And as I stated in my predictions of what we'll see this year, the solutions that pull ahead in the marketplace will provide strong security, leverage existing data center investments and scale without disrupting usability of the cloud.

4. Deploy active defenses to uncover attacks proactively.
No organization can afford to wait for evidence of attacks. Technologies and processes should be in place to preemptively search out and stop any vulnerability. For example, an enterprise can proactively keep its most sensitive assets out of the cloud without adversely impacting their end user's cloud experience, by using a product such as ours.

5. Test continuously to improve incident response.
Testing is a key part of cybersecurity and we've seen with recent attacks that response matters - led by the IT department, but including all major departments. Solutions like those from Co3 Systems can help an organization be prepared if and when the time comes.

6. Enlist frontline personnel to help them understand the value of information assets.
The end users often feel the impact of cybersecurity choices the most and need to be up to speed on what is at stake with certain data assets - especially important with the rise of mobility and BYOD in the workplace.

7. Integrate cyber-resistance into enterprise-wide risk-management and governance processes.
Cybersecurity is clearly not just an IT department issue, but a decision and process that should involve multiple teams within the enterprise.

There was some disagreement in the survey about the issue of cybersecurity regulations and there was also some division by industry (which makes sense given the disparity in regulations already in place by industry sector). We believe regulation will continue to grow and be increasingly complex, making full awareness and compliance with any and all applicable industry regulations a must by security solution providers - whether PCI DSS, HIPAA or others.

Finally, we agree that this is a C-Suite and boardroom issue - the viability of institutions depend on proactively removing enterprise risk and threat.

I strongly recommend you download and read the full report. I look forward to future updates from McKinsey and the World Economic Forum.

Read the original blog entry...


PerspecSys Inc. is a leading provider of cloud protection and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies like PerspecSys remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit www.perspecsys.com or follow on Twitter @perspecsys

More Stories By David Canellos

David Canellos is a security veteran who is now President and CEO of PerspecSys. An entrepreneur specializing in bringing innovative security and privacy solutions to market, he has been instrumental in establishing PerspecSys as the leader in the Cloud data Protection Gateway market.

Before joining PerspecSys, David held executive positions at Irdeto Worldwide, which acquired the company he led, Cloakware, which was a pioneer in encryption and digital rights management. Before joining Cloakware, he was the General Manager and Vice President of Sales for Cramer Systems (now Amdocs), a UK-based company, where he was responsible for the company’s revenue and operations in the Americas. Prior to his work with Cramer, David held a variety of executive, sales management and business development positions with the Oracle Corporation, Versatility and SAIC.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
Steadfast specializes in flexible cloud environments, infrastructure hosting, and a full suite of reliable managed services and security. Complemented by expert consultation at all stages of design and deployment to maintenance and expansion planning, Steadfast delivers high-quality, cost-effective IT infrastructure solutions, personalized to customer needs.
Daniel Jones is CTO of EngineerBetter, helping enterprises deliver value faster. Previously he was an IT consultant, indie video games developer, head of web development in the finance sector, and an award-winning martial artist. Continuous Delivery makes it possible to exploit findings of cognitive psychology and neuroscience to increase the productivity and happiness of our teams.
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science" is responsible for guiding the technology strategy within Hitachi Vantara for IoT and Analytics. Bill brings a balanced business-technology approach that focuses on business outcomes to drive data, analytics and technology decisions that underpin an organization's digital transformation strategy.
Most modern computer languages embed a lot of metadata in their application. We show how this goldmine of data from a runtime environment like production or staging can be used to increase profits. Adi conceptualized the Crosscode platform after spending over 25 years working for large enterprise companies like HP, Cisco, IBM, UHG and personally experiencing the challenges that prevent companies from quickly making changes to their technology, due to the complexity of their enterprise. An accomplished expert in Enterprise Architecture, Adi has also served as CxO advisor to numerous Fortune executives.
Eric Taylor, a former hacker, reveals what he's learned about cybersecurity. Taylor's life as a hacker began when he was just 12 years old and playing video games at home. Russian hackers are notorious for their hacking skills, but one American says he hacked a Russian cyber gang at just 15 years old. The government eventually caught up with Taylor and he pleaded guilty to posting the personal information on the internet, among other charges. Eric Taylor, who went by the nickname Cosmo the God, also posted personal information of celebrities and government officials, including Michelle Obama, former CIA director John Brennan, Kim Kardashian and Tiger Woods. Taylor recently became an advisor to cybersecurity start-up Path which helps companies make sure their websites are properly loading around the globe.