Mold the technology with NetSuite to Fit the Business Needs
Ah, might as well jump! "But you better put your helmet on"
ERP Stress - You cannot bottle this sort of thing and sell to your...
Moulding Complete Business Solution through NetSuite Software
Tips for a Successful NetSuite Transformation
Rick Gemereth, CIO, Lionel, LLC
Integrating Technologies for Strategic Excellence
Wayne Towson, CIO, INTERPOL Washington
To be a Modern CIO Requires Business Core Competencies
Andrea S. Ballinger, VP, COO & CIO, University of Illinois Alumni Association
Benefits of Enterprise Architecture for Organizations
John C. Martin CIO, Georgia Department of Natural Resources
Thank you for Subscribing to CIO Applications Weekly Brief
The Future For It Security Will Be Challenging
MICHAL NIEZURAWSKI, HEAD OF GLOBAL IT SECURITY COMPETENCE CENTER, DB SCHENKER
Just to refer to the most recent example Covid-19 was a unique situation for the whole IT. The logistics industry was no different here. Thousands of people were forced to start working remotely. Technology allowed for this transition in a relatively secure manner. IT Security’s focus was to ensure IT services availability and data protection. In most cases, it went so smoothly that users didn’t question why this was even possible. Success was secured by a combination of multiple factors just to name – reliance on cloud services, centralized identity management, transparent cloud VPN. The other aspect that proved value was the IT Security Awareness Program that helped users to find themselves in a new situation or find an acceptable response to new threats.
Focusing on the last one. End-user awareness, at all levels of an organization, is still and will be the biggest challenge to IT Security. Basically,users demand more and more functionalities, easy ways to use technology. Unfortunately, they do not know how to do it properly or just make simple mistakes. Technology that allows protecting data became so transparent that for some is hard to recognize what is acceptable. Just to add, due to the current situation, users working from remote locations are missing direct IT support contact or without the supervision of more experienced colleagues have the challenge to recognize threats.
Challenging is also a constant increase of devices like mobile computers, mobile telephones, smartwatches, basically the “Internet of Things” (like IoT)that allow us to access information. Obviously, from a risk management perspective, we can block access to functionalities. Unfortunately, these functionalities are just “what our business wants”.This makes the whole IT environment extremely complex, its configuration volatile and hard to control.
IT Security industry is looking now at Big Data processing and Artificial Intelligence to resolve complexity and resource challenges. This concept is sold as the “ultimate solution” for the industry. Currently, Artificial Intelligence technology gained adequate maturity that allows finding some practical applications. This happened due to a processing power increase. However, in my opinion, we are not there yet. Full process automatization is not possible and we are struggling to find a correct spot between seeing too much or too little due to lack of system calibration. Constant human supervision and action are still necessary. However, I have to admit the use of AI is on a good path here and will be present more and more as the preferred solution.
Technology that allows protecting data became so transparent that for some is hard to recognize what is acceptable
Finally, the IT Security industry is and will be in a disadvantageous position. Our role is to make sure we are able to protect everything. For our opponents the objective is much easier – find the weakest element. There is no easy solution available. To protect the commercial enterprise IT environment we should make it simple enough to achieve reasonable benefits of scale –similar devices are by far easier to protect than trying to have an individual approach. At the same moment, we need to avoid the situation that the whole IT environment is compromised using one vulnerability present everywhere – that is limit services to a minimum, keep a fast pace of patching. In a commercial environment, taking into account technological progress, there is no way to keep valid business offering using such limitations. More and more devices are being connected to the Internet (we should exceed 18 billion this year) enterprises also tend to clutter their internal network with them. Our users demand “smart” projectors, TVs, printers, thermometers, light controls, etc. This comes at cost of increased interconnectivity and environment complexity. The IT Security can always help here by supporting the implementation of such programs like Vulnerability Management, Zero-Trust, or just basically challenging the status quo by “red-team” exercises. However, this usually is not adequate in comparison to depict clearly needs to decision-makers. To summarize – the future for IT Security will be challenging here and as an industry, we will be still struggling here as long as the pace of progress of the IT Industry and the possibilities of IT applications is increasing. To be honest, this is part of our job