Grow a secure digital supply chain
As the amount of software involved in the traditional supply chain grows, digital technologies will create a matching digital supply chain using cloud services, said Mr. Perkins. Security professionals should develop a strategy for public clouds, gauge whether the company’s private cloud strategy can be applied and create a cloud lifecycle governance approach. Finally, he advised companies to implement these strategies over time so that cloud security does not become diffused across too many players.
Embrace adaptive security architecture
Companies already have a myriad of products related to security, prevention, detection and response, said Mr. Perkins. Security leaders must shift their mindset from incident response to continuous response, spend less time on prevention and invest in detection and response. Context-aware networks can provide multiple sources of information that security professionals can use to determine whether an attack is taking place. Enterprises should architect for comprehensive, continuous security to provide visibility across different layers for future security.
Adapt security infrastructure
Due to the increase in connectivity and devices, different types of networks are connecting that haven’t traditionally been brought together, said Mr. Perkins. As a result, security professionals need to make decisions about equipping the integration points of those networks. Companies should look to create guidelines for networked trust zones for network segmentation, and evaluate “discovery” techniques so they are aware of what changes are occurring in a physical way. Additionally, since this is an area that mobile security has been addressing, companies should expand security skill sets to include all types of wireless communications and look to the mobile industry for lessons in simplifying the layers in the deep stack of security.
Establish data security governance and flow
Enterprises need an approach that looks at policy, monitoring and protection and groups the myriad types of products on the market into very discrete segments so security professionals can work effectively in creating security architecture, said Mr. Perkins. Begin treating data classes seriously, and focus on device protection and data flow profiling to determine security strategy for the Internet of Things. Overall, companies should move toward a mindset that embraces governance and show some formalism in securing their data.