What security challenges can't be addressed with technology solutions?
Sort by:
Right. And how do we do that across everybody's company? Because everybody approaches it in a different way. We still have challenges ahead.
I would say over half of companies still have a problem with off-boarding contractors improperly. The HR system knows when an employee leaves, but the HR system may not know when the contractor leaves. It's people, processes, and governance issues. 1500 roles is too many by a factor of three, how do you administer that?
There are all these technical attack services, but the bottom line is that the exposure comes from the human aspect. So much education has to be done. But again, it’s still a matter of Governance, risk, and compliance (GRC). A couple years ago, at a multibillion dollar company, the guy who was in charge of security was also the enterprise architecture and infrastructure guy. I said, "You know, it's not a part-time job. You need a CSO office." Even with Wombat/Proofpoint, these things generally fail because someone clicked the link after you've educated them so many times. So how do you make it fail-safe? Your Office 365 has a little phish button. This is a phishing email, send it off to those people.
We've got 1500 different roles which control access in our enterprise resource planning (ERP) systems. When the information comes into our data lake, is 1500 the right number? Is it 50? What are the right security controls? Is there any such thing as the right way to do it? That’s the million dollar question. It's not necessarily a technology problem. You can make multi-million dollar investments in all kinds of memory applications, system databases, the coolest virtualization and analytic products, but unless you tweak your processes from a people standpoint, you're not going to get the most out of them.