“You’ll be a lot more secure if you just know what you have. But that seemingly simple first step is an impossible task for most.”
The one issue that seems to be the top corporate security bugaboo is visibility within the enterprise, explains Tony Sager, Senior VP and Chief Evangelist for the Center for Internet Security, in our conversation at the 2017 RSA Conference in San Francisco.
That visibility refers to what assets the organization has, what software it has running, and who has the ability to change things in its environment.
“Those are undervalued because they’re messy and hard and they’re more ‘IT operations’ rather than ‘security operations’”, said Sager, whose company manages the top 20 list of Critical Security Controls for organizations.
The seemingly simple task of understanding what’s in your environment is, unequivocally, an extraordinary one. Corporate networks and the software and devices that connect to them act like a living, breathing organism. They’re constantly changing.
Sager admitted it’s not easy, but that’s not an excuse not to start.
“You have this big challenge, but if you don’t get started you don’t ever get better,” enthuses Sager. “People sometimes give up when they can’t come up with a perfect technical solution. That’s really a poor strategy. Because really having good visibility is a mix of having good technology, but also management controls, good control of your purchasing, and good personnel processes.”
As for new areas of security focus, Sager said that the concern around administrator rights is new on his list, but that his firm has recently shown increased focus on small businesses.
“Small businesses are never going to be able to defend themselves,” said Sager. “Even if the tools were free in the marketplace, they can’t defend themselves. They don’t have the people. They don’t have the time or expertise.”
That’s why for small businesses, Sager is looking towards a managed service model of security.
ABOUT TONY SAGER:
Tony Sager is a Senior VP and Chief Evangelist for the Center for Internet Security. He leads the development of the Critical Security Controls, a worldwide consensus project to find and support technical best practices in cybersecurity. His “volunteer army” cuts across all segments of the industry to identify practices that will stop the vast majority of attacks seen today, and then leads projects that will validate, measure, scale, and share these practices for widespread adoption.
About the Author
David Spark is a veteran tech journalist and founder of Spark Media Solutions. Since 1996, Spark and his articles have appeared in more than 40 media outlets including eWEEK, Wired News, PCWorld, ABC Radio, John C. Dvorak’s “Cranky Geeks,” KQED’s “This Week in Northern California,” and TechTV (formerly ZDTV). Spark is also the author of the book, “Three Feet from Seven Figures: One-on-One Engagement Techniques to Qualify More Leads at Trade Shows.” Today, Spark blogs regularly on the Spark Minute and is a regular contributor for Forbes. Spark is a noted speaker, entertainer, and moderator at tech and marketing events.