Tuesday, June 30, 2015

Reviewing Our Decades-Old Approaches

I sat in a professional exchange the other day here in Seattle, listening to the challenges that security professionals are encountering in their attempt to protect an organization that, if typical, is experiencing massive data growth and exchange, without crippling the business.

I feel like I was listening to the same conversation a decade ago. Granted, the extent of data growth and information exchange was nowhere near the level that organizations are experiencing today, but... at the time... it seemed significant.

In other words, our challenges haven't subsided. They are the same, but with an increased magnitude. And the "solutions" and "considerations" that are exchanged amongst professionals haven't changed:

- Integrate security into business processes
- Ensure visibility of risk matters at executive levels
- Apply security controls to the most critical risk areas

My questions are many, but simmered down to two:

1.  Why are we embracing approaches, today, that we did a decade ago, despite the lack of effectiveness?
2.  If one is of the opinion that these approaches are effective, then why do we have the frequency and magnitude of breaches that we are seeing today?

