Data is the modern paper. Where once we produced reams of paper that needed to be stored, we now generate terabytes of data that need to be managed, stored, shared and, most importantly, secured.
These are challenges that are faced by private enterprises and government agencies alike so we asked our long-time technology partner, McAfee, if they could provide some expert guidance on how this data-driven technology environment impacts an organization’s security needs.
In this interview, Ken Kartsen, Vice President of Federal Sales at McAfee, talked to us about the ever-changing IT landscape and how it impacts organizations’ security needs. Here are Ken’s insights:
Q: What does McAfee predict will be the big trends in security in 2013?
The biggest things our customers are talking about are mobility, cloud and virtualization.
Unlike virtualization and cloud solutions, which have been topics of discussion for a few years and are still slowly being implemented, mobility is a different story. Mobility has come on much quicker because of the consumerization of mobile devices.
Employees can do more from a work perspective on tablets and smartphones. Unfortunately, there are new devices for hackers to attack, and there will be more cyber attacks on mobile devices in the near future.
We hear private and public sector IT managers discussing their virtualization implementations as essential for continuity of operations, telework, data center consolidation and other initiatives. What security concerns come with the benefits of virtualization?
Many of the biggest issues facing virtualization initiatives are based in function, not security.
Customers demanded security platforms for virtual machines, and the security industry moved quickly to ensure that customers can accomplish what they’re looking to achieve – fast-moving virtual machines that are secure.
However, this means securing each individual endpoint. This has led to the creation of hypervisors and other technologies that ensure security is embedded in virtual machines without having to install it on each individual virtual endpoint.
What about cloud solutions? Are security issues keeping private enterprises and the federal government from moving to the cloud?
We’re continuing to see customers move in the direction of the cloud, but it’s a slow process. And we’re getting closer and closer to the time when Google, Amazon and other cloud providers have important functions within the federal government. However, to combat security issues, we’re seeing the defense and intelligence industries embrace private clouds.
Ultimately, clouds are based in data centers, so securing the cloud is more about securing the data center. In addition, when dealing with the cloud, organizations need to focus on identity management; when people connect to the cloud, the cloud needs to ensure that the person is exactly who they say they are.
The perfect solution is security embedded in both the hardware and the software. This would ensure that when an individual accesses the cloud, they can ensure the integrity of who the person is and identify what data they should be able to access.
You started our conversation off talking about mobility. We continue to hear about employees bringing their own devices into the workplace, which has clear security implications. What has the attitude towards BYOD been in the private and public sector?
BYOD is probably not going to happen the way we think it will in the public sector, since most government agencies are nervous about legal issues arising from employees connecting their devices to the agency network.
Instead of enabling BYOD, the public sector is embracing mobility. In other words, agencies are acquiring the devices and distributing them to their employees instead of allowing them to bring their own. This gives them more flexibility to take the device away. However, employees are still given some freedom in how they use their mobile device and the apps they’re allowed to download.
Ultimately, if there is a security event, the agency needs to be able to wipe the data remotely from the device. If the agency does not own the device this would bring up all kinds of legal issues.
For organizations that do embrace BYOD, what steps can they take to help secure their networks?
Simple things are the best. Password protection and identity protection are the first considerations.
Next, they should work to partition information by cordoning off sensitive applications and information from consumer applications. They should also encrypt information to ensure that data and information that is compromised is protected at some length. Finally, they should implement solutions that enable them to wipe devices.
[Listen here for BYOD Best Practices podcast with Iron Bow’s Ryan Sobel or click here for 5 BYOD Strategies to Build your Organization’s Policy]
How is the current fiscal environment impacting the security industry?
The federal budget situation and the threat of sequestration is forcing security companies that service the federal government to provide better security value at a lower cost. Right now, every time there’s a new threat, a new product needs to be purchased. Security companies need to get to a new level of security where a new product isn’t needed every time there’s a new threat.
This is accomplished by being more integrated in their approach to security. By integrating partner communities into their platforms, security companies can diversify their solution offerings. This will also allow them to increase visibility for their users by enabling them to manage and oversee everything from one dashboard.
Want to read more about the security threats that will impact organizations in 2013? Click here to download McAfee’s 2013 Threats Predictions.