The Sony Breach

Let’s set aside all of the political implications of this breach and just look at it as another breach for a moment.  100 TB of data stolen.  WOW!  We all know that no company can prevent a breach if someone is determined to get in, however with a solid framework, we should be able to detect the breach relatively quickly.

Regardless of what the vendors tell you, throwing more technology in your data centers will not solve this problem.  We must go back to the basics!  To master the basics of a good security program, the security team must earn the respect of the business by helping them build solutions such as identity and access management or federation with cloud services.  The business loves these services because they make their jobs easier.  They are able to gain access quicker and not worry about security getting in their way.

Once you have a partnership established, you can design a security governance program complete with buy-in from the C suite, a road map, risk register, vulnerability management program, incident response and of course, metrics.

While some of these certainly include technology, we must have the governance in place to ensure we have team members trained and dedicated to each of the tools to help quickly understand the data they create.

Here’s hoping that in 2015 we have more businesses create partnerships between the CISO and the business, not out of fear, but out of a genuine value to the business!