Common sense security says it’s no secret that when we go online, we take the risks of entering a war-zone. Cyberspace remains a domain of commerce in which rule of law is still emerging. As it relates to physical property, movement across the seas, or navigating in the skies, the law is well established, defined and enforced. But law and its enforcement in cyberspace are incomplete, inconsistent, unpredictable, and uncertain. Often we can’t tell whether the people and systems we interact with are wearing white hats or black ones. When we have to call the authorities, it’s too late. And unclear whether they can do anything.
Traditional security advisors have responded to this situation by counselling extreme caution. Be afraid, we are told. Be terrified!. Build up your fences and walls. Don’t venture outside, where we can’t help you.
Business executives respond to such advice with a sense of exasperation because securing the firm’s operations has become synonymous with living in a prison. At a certain point, the firewalls, the anti-virus software, and the fearful, untrusting rituals for engaging with the outside world become obstacles to doing business. Each additional layer and ritual adds more friction that drives executives and employees to use unsanctioned or forbidden software and cloud services, and thereby increases corporate vulnerability. Traditional security smothers the agility and innovation required to remain competitive in a rapidly changing world. It binds the enterprise in chains. It’s a drag.
We need to change the conversation. Modern business centers on collaboration and co-creation of value, which means leaving behind the old “security perimeter” way of understanding the firm. Reflecting the new way of doing business, security products must focus on enabling collaboration and agility. They must support dynamic assembly of teams across disparate enterprises. And they have to allow the individuals on those teams to use the technologies and services that provide the most leverage in achieving the business objectives of creating new value that adds capital to the balance sheet. This is the new uncommon sense.
So forward-looking CISOs (Chief Information Security Officer) need to think regarding making it possible for executives and organizations to go about their business using the latest value-generating technologies in the market. One way is to focus on the data, and apply encryption and masking across the enterprise and its extensions into the cloud. By providing a seamless, policy-driven way of automatically masking data from the point at which it is created on a device, to the moment it is reviewed by an authorized user, the CISO can give executives the confidence of knowing that a data breach isn’t going to make the sky fall. And that brings with it economic value because it unlocks the possibilities of harvesting the Return on Investment promises associated with cloud-based services.
Every cloud application and service makes a business case that demonstrates potential savings, and Return on Investment. But those promises remain theoretical as long as the enterprise sees itself unable to adopt the service due to information security and compliance concerns. By resolving these concerns with a solution that allows the enterprise to govern the opacity and transparency of data before it leaves a user’s devise, the CISO can help deliver real Return on Investment.
For more information, please read "The New Security Paradigm"
With CloudMask, only your authorized parties can decrypt and see your data. Not hackers with your valid password, Not Cloud Providers, Not Government Agencies, and Not even CloudMask can see your protected data. Twenty-six government cybersecurity agencies around the world back these claims.
Watch our video and demo at www.vimeo.com/cloudmask
