Mar 4 2014, 1:26pm CST | by Forbes
Often the conversation about the security of technology systems is parsed in terms that suggest the biggest risk vector comes from small organizations without the IT budget to ensure good security. However, recent high-profile breaches from the likes of Target and Neiman Marcus have called this perspective into question. New research from security rating vendor BitSight would seem to back up the perception that larger companies in fact pose a real security risk.
BitSight has put together a report detailing the security effectiveness of different companies. Their approach is to create something analogous to a credit score, that analyzes the entire security situation and rates organizations based on externally observable security incidents – botnets, spam, malware, unsolicited communication, DDoS, system configuration, etc. BitSight ran the report across 460 of the S&P 500 (excluding the telcos) and high level findings include:
So what is going on here? Are the attacks becoming more sophisticated or are large organizations really dropping the ball on this? Well, another survey, this time by Trustwave, would seem to indicate that it’s very much the latter. Trustwave surveyed 800 IT professionals and looked at the top security pressures they face. It tried to differentiate between external pressures (new attacks, more frequent attacks) and internal ones (reduced budgets, etc.). The results are somewhat sobering:
It seems that in a headlong race to become more agile and deliver on the innovation that the organization and the marketplace demands, enterprises are taking a fairly slack approach towards security. But perhaps this is an unavoidable reaction to the pressures organizations are under – is it feasible to deliver product more rapidly while still remaining secure?
I believe that to an extent these statistics are a direct result of the move towards the “lean enterprise”. I speak with many large enterprises who are trying to emulate Eric Ries’ Lean Methodology for startups – in doing so they’re keen to roll out minimum viable products to test a business hypothesis. While this is an admirable aim from the perspective of increasing innovation, it leaves significant gaps when it comes to security. I’m reminded of the book The Phoenix Project, a novel that looks at the reality of one fictional enterprise trying to balance agility with robustness.
It seems to me however that there is a resolution to these problems, but to gain the edge, organizations need to rethink the fundamental systems they use. The current status quo of having core systems, point applications and the operating platform as distinct and siloed entities can’t deliver agility combined with robustness. Rather organizations need to find a new sort of operating system that allows them to create new applications but within a strong governance wrapper. Seemingly this is the reason that Warner Music Group famously ripped out its technology systems to create an entirely new stack, one that mixes high degrees of flexibility with overall compliance.
Trying to shoehorn agility onto existing systems is a guarantee of problems – the recent large enterprise breaches have shown this. Enterprises that truly want to be innovative within the constraints of what they do need to rethink their core systems and revisit the way they operate. Only by doing this will they be able to reconcile the various pressures they feel.