In a word, complexity.
Complexity is the number-one thing that keeps Brent Conran, Intel’s chief information security officer, up at night.
Talking heads like to pontificate on the proliferation of mobile devices, rush to the cloud, the Internet of Things, and so on. What those trends mean for the enterprise CISO is a whole new way of thinking about their job. Gone are the days when security chiefs simply worried about “securing the perimeter.” It’s not so easy to see the perimeter anymore, and trying to see it is often a useless task.
“Now, where the perimeter starts and ends, it’s pretty malleable,” Conran said. Employees use their own devices at work, they use outside vendors’ cloud services; they’re no longer confined to technology their company’s IT organization has made available to them, and that’s the reality the IT organization has to live with.
The answer is to have a flexible security framework, Conran said, which makes for a great user experience but a lot more complex and tougher to manage from the security staff’s perspective. To deal with that complexity, “you have to be agile, and you have to have transparency,” Conran said. You also have to always be prepared to move on to the next generation of security technology and, in fact, proactively seek it out.
Conran shared his experience overseeing information security at one of the world’s largest corporations in a security keynote at the Intel Developer Forum in San Francisco earlier this week.
As Chris Young, general manager of the Intel Security Group, put it in the same keynote, the nature of the threats has changed. The most malicious attackers are no longer individual hackers but professional organized cyber criminals and nation states.
Instead of viruses planted via email, the main concern today is theft of personally identifiable data, Young said. And cyber criminals have more tools at their disposal today than they ever had and at a lower cost.
Cloud services give attackers access to unlimited compute and connectivity resources and a wider attack surface. "The cloud is the best place to go if you want to leverage or identify a target for attack," he said.
The proliferation of connected devices -- Intel estimates that the 15 billion connected devices today will turn into 200 billion by 2020 -- will create more and more opportunities for attackers. Cyber threats will also have more and more impact on the physical world. "It's my car driving down the road," Young said. "What happens if a 100-car pileup is generated by a cyber security attack?"
Within Intel's own IT organization, one thing that helps address the complexity of securing the infrastructure and stay on top of the latest in security tech is partnering with security vendors instead of simply paying them for their products and services, Conran said. Intel has such a partnership with CyberArk Software, a security company whose market debut last September was one of the year's hottest tech IPOs.
Instead of worrying about securing the perimeter, CyberArk specializes in dealing with threats that are already inside the enterprise network. The company is an expert in privileged account security, Udi Mokady, its president and CEO, said. Hackers gaining access to privileged accounts is one of the leading threats today. Nearly all of the recent high-profile security breaches covered by the mainstream press involved attacker access to privileged accounts, he said.
Intel and CyberArk collaborate and share data in the continuous process of looking for security threats. Sharing data is crucial to the success of these efforts, Mokady and Conran said. A company like Intel can no longer simply rely on the security vendor to identify potential breaches.
A vendor doesn’t know your infrastructure as well as you do, Conran explained. By combining the expertise on both sides of the relationship, it becomes easier to find that “needle in the haystack,” Mokady said.