Foundational Security Best Practices Remain Top of Mind for Security Professionals
Contrary to what many outside the network security world may think, the annual RSA Conference isn’t solely about striking fear into people and companies. (OK, it’s a little bit about that, but not completely.)
As usual, RSA this year included hot-button news stories (Apple vs. the federal government), calls to action, and a slew of really over-the-top security technologies … which leads to the first of my three key takeaways from RSA 2016:
1) New technologies are not the top priority.
Even amid the snap, crackle, and pop of the high-end security technologies presented at RSA, the buzz on the floor was more about getting the foundational stuff right than anything else.
The security professionals I talked to were more focused on “What can I do better?” than on the latest and greatest appliance. We should be taking advantage of information-sharing communities, making sure we learn from and react to the thousands of breaches that are occurring on a regular basis.
Also, a word of advice to new vendors: Make sure you understand your company’s value to potential customers. Among RSA 2016 attendees, one of the underlying sentiments was, “I can’t tell what these people do, and THEY can’t tell me what they do.”
As Anton Chuvakin wrote, if your booth is mostly about exchanging buzzwords for money, that’s simply not good enough. Not considering what’s at stake regarding the health and well-being of organizations all over the world.
2) Threat intelligence & security basics both matter.
Security and IT professionals understand that while threat intelligence is vital, it is moot without vigilance in areas such as employee education, network testing, monitoring, and information sharing. “Big data” has huge potential, but do you have a plan for how to use it to your organization’s advantage?
As security professionals sort through a rapidly growing wealth of data and consider a wide range of related decisions, the ability to take what’s discovered and apply it to your company’s day-to-day work environment is essential.
3) Help wanted: security analysts.
The good news about the shortage of security analysts is that everyone agrees there’s a problem. We’re not doing a good enough job of attracting people to this field, which is concerning because the increasingly connected world requires more security professionals than ever before.
“By 2020, we expect the global talent shortage to approach 2 million,” said Christopher D. Young, general manager and senior vice president of Intel Security Group. Young referenced several efforts across the U.S. to fill the talent void, including:
- Using gaming to engage youth
- President Obama’s proposed CyberCorps Reserve scholarship program
- University-level programs
All of these are steps in the right direction, but it will take a lot more widespread collaboration and advocacy to truly move the needle.
When it was all said and done, the underlying themes at RSA 2016 reminded me that what we are striving for at Cradlepoint is important for an increasingly wireless world. It’s now possible to simultaneously streamline network security, expand remote cloud management, and lower the total cost of ownership.
INFOGRAPHIC: Mitigating Network Security Risks
Data breaches come in all shapes and sizes, and with increasing prevalence. Review our infographic featuring 10 best practices for mitigating network security risks.