New security tools such as biometric authorization, mobile app containerization and cloud-based security scanning have many CIOs, CISOs and security teams squirming, asking questions like, "Where should our IT organization further focus its security budget?" and "Could hesitating subject us to the top security threats experts are warning us about, especially in light of recent retail fraud cases?"
More from this chat
Biometrics take center stage
We asked SearchCIO's February tweet jam participants about the most-pressing security threats they face, as well as security essentials that guide their efforts to ward off hackers and human error. Tweet jam participants suggested that IT organizations must reevaluate how they go about choosing security products and services:
A1: IT orgs need to consider comprehensive solutions vs point solutions with analytics and correlation. #CIOChat— Tim Crawford (@tcrawford) February 26, 2014
Point solutions encompass technology that solves a single issue or a narrow IT requirement. CIO strategic advisor Tim Crawford warned IT leaders to be wary of fragile ecosystems and consider choosing security products with a suite of apps or those that integrate into legacy apps.
Crawford just might be onto something, especially as not everyone is confident in, say, cloud security:
Not every organization is vulnerable to the same kinds of security threats, but one they all have in common is the threat of human error. When it comes to using technology -- especially the newfangled stuff -- not every employee is going to catch on quickly and retain each bit of information from their security training. Brian Katz offered:
A1. Iw ould say CIOs should be aware of Micro VMs and tools for protection when people don't know better #Ciochat— Brian Katz (@bmkatz) February 26, 2014
In a micro-virtualization environment, organizations set up custom policies to identify trusted processes. When an untrusted computer process happens on John Smith's computer (i.e., opening a file, clicking an email link or downloading from an unrecognized site), the untrusted operation is automatically placed in a micro VM (virtual machine) to isolate it from the computer's host system.
Micro VMs, like other topics during the #CIOChat, should certainly be on CIOs' radar, but they aren't necessarily new technologies -- just newer ideas. In a quest to learn what's coming next, managing editor Rachel Lebeaux asked participants to show off their security smarts:
So, you've got your tools. Now what? Make sure everybody in your organization knows about your security plans -- and, most importantly, respects them.
A3: Security needs to be part of the culture, not a silo or afterthought. #CIOChat— Tim Crawford (@tcrawford) February 26, 2014
Is your organization equipped to handle new security threats? Where is your security team focusing its efforts? Tell us in the comments section below.