Source
Security tools play an important role in helping to protect corporate data. But technology fixes address only part of the overall security problem, according to several IT managers.
"Technological breakdowns are rarely the source of the breach," said Tim O'Pry, chief technology officer at The Henssler Financial Group in Marietta, Ga. "More often than not, it's good old-fashioned human frailties."
Addressing that issue often requires companies to increase their investments in user awareness, training and education, said Matt Kesner, CTO at Fenwick & West LLP, a law firm in Mountain View, Calif.
Security managers "pay lip service to the issue but don't do a good job of training our users and employees," Kesner said. "A lot of people, even in senior positions, aren't aware of the threat every time you attach a computer to the Internet."
Arshad Noor, CEO of StrongAuth Inc., a vendor of identity and compliance management software and services in Cupertino, Calif., said security risk-mitigation efforts should be integral to every new IT initiative.
"If a business unit doesn't address potential vulnerabilities in its processes before it introduces a product to the market, it's not doing its job," Noor said. The same is true when IT systems and applications are being designed, he added.
From a technology standpoint, the recent security incidents at several companies highlight the need for IT managers to focus on end-user authentication and identity management, said Howard Schmidt, eBay's chief information security officer.
Schmidt said he thinks that in the future, companies will need to use more-robust two-factor authentication tools to vet access to confidential data.
There's also an urgent need for companies to pay more attention to protecting stored data in addition to controlling network access, said Gartner Inc. analyst John Pescatore. "The biggest attacks are taking place at the point where data is stored," he noted.
Reply With Quote