New Readers

 Home News and World Report Buyers Guide Global Excellence Technology Case Studies Editorial Awards About Info Security
 
New security threats that may threaten enterprises and rethinking security strategies from scratch again

Solutionary is an information security company that delivers medium-to-large businesses a wide range of managed security solutions and professional services to reduce risk, increase data security and ensure compliance. Founded in 2000, the company’s services are based on next generation security intelligence and offer true security and compliance management. Solutionary provides customers with advanced service delivery, patented technology, thought leadership, years of innovative groundwork and proprietary certifications that exceed industry standards, enabling the company to have one of the highest retention rates in the industry.

In the following interview, Mike Hrabik, President and CTO of Solutionary, discusses 1:1 with Rake Narang, Editor-in-Chief of Info Security Products Guide, new security threats that may threaten enterprises and rethinking security strategies from scratch again.

Rake Narang, Editor-in-Chief: What new security threats may threaten most enterprises in the near future?

Mike Hrabik: We have seen a demonstrated cycle over time of threats that are initially targeted towards government and military targets that migrate "downstream" over time to affiliated business and then beyond to "regular" businesses. This has driven much of the "buzz" around APTs (Advanced Persistent Threats) and APAs (Advanced Persistent Adversaries) that occupied a lot of 2011.

The trick is to understand that the industry always going to be "ahead" of these threats from the perspective of "regular" businesses so I would expect to see more effects of these types of attacks and attackers in 2012.

Someone, somewhere has something to gain by stealing your organization's financial, operations, process, sales, and marketing information. Whether trying to disrupt your ability to deliver or copy it, it continues to escalate. It's not just about credit cards anymore.

Rake Narang: Why is the classic security solution model failing and should enterprises rethink their security strategies from scratch again?

Mike Hrabik: Security is too often viewed as the application of the latest doo-dad that the industry produces. Gartner tracks these things through something called a hype-cycle. So we see a recurring theme that someone thinks up a new tool that can protect people from "X" and the industry gets behind it and pushes it as the latest greatest must have, organizations buy the item, attempt to implement it and all too often we hear 9 months later that it's a failure - didn't deliver on its promises.

The single most important thing that an organization can do that will affect their actual security is to have a strong security program and plan. Sounds simple but it isn't. It requires having the right leader, the ability to understand the business, and communicate with other business executives as a peer. If those things are in place, then having a plan that is risk based, accounts for threats likely to occur, and vulnerabilities that exist sets the organization up for a mindset that focuses on results, not the particular way in which they are achieved.

Really successful CSOs are viewed by their organization as enabling the business to achieve higher revenues and lower costs. They are a trusted partner in the business. Selecting solutions or providers that will map to your needs and organization (not the other way around) and that will adapt to your changes over time is where long-term benefits can be realized.

Rake Narang: How should cloud providers leverage security and compliance as a value add?

Mike Hrabik: Anytime a new "paradigm" is adopted the initial reaction is that it's completely new and therefore requires completely new tools and processes. But then after things start settling it's learned that yes small specializations here and there need to be made, but nothing can stand as an island in the long-term. it all has to integrate back into an overall picture.

Cloud technologies and providers are no exception. The same techniques that have worked in enterprise and virtual computing environments can be applied to the cloud as well.

The big difference as I see it is the scope of adoption that I expect many organizations will engage in. Whereas in the past SaaS or hosting vendors tended to provide fairly narrow services, many organizations will at some point in the future move a substantial, perhaps most, of their computing into the cloud.

At that point integration and cohesion becomes key. Cloud providers that provide auditing and security mechanisms that can plug into an overall security and compliance platform will win.

Company: Solutionary, Inc.
9420 Underwood Avenue, 3rd Floor
Omaha, NE 68114 U.S.A.

Founded in: 2000
CEO: Steve Idelman, Chairman of the Board and CEO
Public or Private: Private
Products: Solutionary is an information security company that delivers medium-to-large businesses a wide range of managed security solutions and professional services to reduce risk, increase data security and ensure compliance.

Bookmark and Share