March 31, 2017

Evolving architecture, management solutions that don’t secure, and dead perimeters: a CISO’s job is a hard one

 

“You know, when a CSO thinks through priorities — it’s a tough job. [They need to] balance the kinds of things that require a lot of intense concentration, real deep problems in infrastructure … with the day-to-day things that could be just as important.”

Ed Amoroso would know. Ed served for 12 years as CSO at AT&T and is now the CEO of TAG Cyber. He started his career at Bell Labs in Unix security R&D over 30 years ago.

So many tasks, so little time

A CSO’s job is a constant juggling process — balancing budget, human capital, time, effort, team energy, and many other factors. In recent years, mobile security has been added to the task list, and as threats like Pegasus come to the surface and employees use their personal devices to get their jobs done, it is quickly becoming a much bigger priority.

Dealing with mobile security: an evolution

Until recently, a CSO (or perhaps one of her employees) dealt with the security of mobile devices through mobile device management (MDM). “MDMs are good!” Ed explains in the above video, but CSOs are now actively asking themselves new questions: Do I need to augment my MDM? Should I replace it?

Ed suggests stepping back and understanding the interconnectivity of attacks. Malware, vulnerabilities, risky employee behaviors, and network connections all play into a larger mobile attack surface. Security teams need a holistic sense of what they’re working with: How many mobile devices access corporate data? How reliant on mobile devices are employees? How could you enable their productivity by allowing them to use their mobile devices freely?

“You’ll make a better decision,” says Ed.

If you’re still doing perimeter security, you’re doing it wrong
“To date, we’ve had these perimeter architectures … you’re ‘inside the firewall’ and that’s the worst architecture that you could have in 2017.” – Ed Amoroso

Mobile devices and cloud services bypass the traditional firewall, making it ineffective. End-users, or employees, aren’t slowing down their mobile device usage either. They will do what they want to do: download apps, visit websites, maybe even gamble a little (you’d be surprised). A CSO wants to gain visibility and the ability to mitigate risks to their corporate data, not to become the blocker who says, “No.” A CSO who implements the right kind of architecture, one that embraces mobile security, becomes the corporate enabler — the person who helps people get their jobs done.

Want to get a look into the future of mobile security? Check out this in-depth video from Phil Reitinger, president of Global Cyber Alliance and former CISO.

If you want to learn more about mobile security and get a personalized look at the needs of your specific organization, get in touch with us today.

 
