Monday, April 11, 2016

View from 40,000 Feet: Security is more than just passwords, and locked doors!

Bryon Kataoka, iSOA Group, Inc. CTO and Thought Leader




Security is more than just locking doors and barring the windows, and there is no magic piece of software that will assure IT security.

Companies need to be vigilant about how they manage the security of their most trusted assets, their customers, their intellectual property, their partners, and the privacy and well-being of their employees.

iSOA Group, Inc. is an officially authorized IBM Security Solutions Partner. iSOA has always focused on security as it pertains to the edge of the network, XML and Application Firewall, and integration with companies' authentication solutions and directories. Today we are expanding our security focus beyond the edge of the network, including recent certifications in QRadar, IBM's SIEM (security information and event management) solution.

As I direct my team and we expand our security focus, we need to stay focused on these key challenges:

1) Keeping up with the latest threats and vulnerabilities. With new threats coming along every day, such as the rise of ransomware, we as advisors need to be on top of the latest challenges. There are sources of information, such as IBM's X-Force Report, and most importantly we need to keep listening to our customers to ensure we stay aware and also understand the risk-to-reward trade-offs when making security decisions.

2) The fundamentals of security have not changed. Protecting access to information, keeping systems up to date, access and authentication, as well as deploying and maintaining anti-virus and network protection solutions continue to be at the core of keeping companies protected. Many thieves focus on known vulnerabilities of systems that have not been kept up to date, allowing the malicious hacker to access these systems with a known nefarious path to entry. A study by CSIS stated “75% of attacks use publicly known vulnerabilities in commercial software that could be prevented by regular patching”, showing that one of the first steps to being secure is to ensure these fundamentals are implemented successfully.

3) We need to perpetually remind our clients that security is a domain that spans IT as well as physical security. If we have locked down systems, but people can easily enter and exit the building and possibly the data center, our clients are still exposed and have a challenge. Most threats come from inside, and they will take the easiest route to valued information. As an example, PCI (Payment Card Industry Card Production Standard) compliance has both "IT" requirements and physical security requirements that companies must meet.

As I mentioned at the beginning of the year, we will use the process of design thinking to help prioritize our focus and help guide our priorities and how we best approach working with customers.  We will continue to use this approach with our customers across our solutions for Integration, API Management, and now Security.

If you would like to know more about the iSOA approach or how we can be of assistance, please reach out to me, to my Solution Consultant Brian Silverman at bsilverman@isoagroup.com, or to our Customer Service leader Cheryl Bertini at cbertini@isoagroup.com.