Today is Day 2 of the Converge information security conference at Detroit’s Cobo Center, and it promises to be full of significant insights into IT security within organizations.
Here’s a recap of one of Thursday’s sessions, The Challenge of Natural Security Systems, presented by Rockie Brockaway, the security practice director at Black Box:
Brockaway started with a really important point: Information security is currently viewed as a tactical response within companies, when it should be treated as a function of the business. InfoSec’s role is to prevent the loss of business-critical data, promote innovation within other parts of the company and protect the brand. One of the biggest hurdles in InfoSec, Brockaway explains, is understanding what a company’s critical data is, and where it’s stored. Without that information, there’s no way to fully protect the data, and vulnerabilities will be created.
Another issue within enterprise InfoSec is the obsession with static models like walls. If a security measure is put into place without learning, modifying and adapting from new information, it will eventually be circumvented and will become useless.
So what should companies do to become more adaptive? Brockaway views businesses as similar to animals, with small systems making up a larger organism. Using characteristics of adaptable organisms, he found traits that will help in the business sense.
First, he says, learn from your successes. There is value in understanding mistakes, but analyzing what is working gives more information about attacks. The next is setting up a company in a semi-autonomous fashion, with little central control. One of the biggest problems with centrality is that it creates a single point of failure. Redundancy is key to the survival of a system, and with no redundancy, one issue could be devastating.
Another trait Brockaway mentions is the ability to use information to mitigate uncertainty. An animal survives by evaluating its surroundings and being aware of potential danger. Understanding a corporate IT environment and continuing to assess the surroundings means being able to see when things are out of the ordinary, and fixing potential vulnerabilities.
Lastly, Brockaway states that in order to be adaptable, organisms have many symbiotic relationships with other organisms. He translates this to having relationships with solution providers that can help open up a company to mutual benefits and stronger security.
There’s more to come about information security, so stay tuned! The Converge conference concludes today and it is followed Saturday by BSides Detroit.