The need to better secure the technologies we use every day is clear. Data breaches, hacks and stolen information create a backdrop for the discussion, but often that discussion fails to address a crucial reality, and in doing so misses the mark. As Michael Goedecker points out: "If we truly want to tackle the challenges of this millennium then we need to deal with the facts and face the truth. If we want to keep a globally linked and open system, we will also have to accept the risks associated with that "open" network. So when we face the facts that: The Internet is insecure by design, that it has opened up otherwise closed networks, and that people can attack at any time, from anywhere, and we never really know for sure where they come from, we get to our "truth" in security. We need to change the way we build, secure and protect things on an open and vulnerable network."
In his post, Goedecker sets forth 7 compelling ways we can start to address security effectively:
- Recognize the weakness in the Internet and its connected networks, systems and technology
- Move towards better security technology that leverages what I call the proactive security practice
- Leaders of Security teams, organizations and companies need to be transformational and servant leaders. These "leaders" inspire and create an environment of innovation and spark creativity.
- Stop promising the silver bullet; customers know this is "sales speak," so just stop it.
- Get to actionable intel in SIEM, IPS, IDS systems that work, are secure and dependable.
- Recognize as fact that without IT and IT Security, the business can't fulfill orders, book revenue or exist.
- Stop being drama queens and selling snake oil.
"Although the "steps" above are not everything," he says, "they are a great way to reorganize how security needs to work, how we can get value from what we have, and if we need to buy stuff we at least know how, why and where we will need it and how to implement it."