Reflections on ISSA Conference 2015

ISSA Conference 2015

This month, I was fortunate enough to attend and present at the ISSA International Conference in Chicago. This event was truly a pleasure to attend, as there were great ideas being discussed and equally great people to discuss them with. Together, we were looking to take a very pragmatic approach to security, with the understanding that we are all working to incrementally improve it. We understood that there is no one magic bullet to solve security problems across the board.

In fact, there was an increased emphasis on the need for metrics to measure and quantify security, with the idea being that if we can measure it, we can continuously work toward improvements. There is no “one size fits all” solution for risk posture. Having a holistic understanding of all the aspects of a business and the information it handles has become critical to improving risk posture. This can help organizations identify where their weakest spots are, where to invest and how to get the best value from their security dollars.

While the conference itself featured lively breakout sessions that fostered discussion around the Internet of Things (IoT) and the rise of the use of personal mobile devices for important business, concerns among small-to-medium-sized enterprises really caught my attention. There is definitely a feeling among SMB-sized enterprises that they are constantly trying to “catch-up” with new threats and cannot seem to keep up to speed without constant vigilance and investment. Because new threats are arising on a constant basis, many companies feel that they are quickly falling behind when it comes to security. Given this environment, many companies could easily understand the benefits of Adaptive Data Loss Prevention as a means to protect the organizations’ most critical data and offer rapid risk reduction. Adaptive Data Loss Prevention can also help in providing some security metrics to measure progress back to and can work into long-term programs to improve security posture. For companies looking to get caught up on security, we recommend staying positive, and checking out our recent blog for some very practical cyber readiness steps to cost-effectively reduce exposure.

The session I gave, “Security or convenience: Enabling a collaborative work environment,” sparked a lot of interest from attendees on how collaboration could be done securely in the cloud, with the move to hosted email solutions being top of mind. (We have written a blog about this in the past, specifically around how to improve security around Office 365.) We believe that prudence is key in managing the risk of migrating information, email and business practices and processes into the cloud. With the right steps, you can be confident in making the change, but all agreed it’s crucial not to compromise security by simply leaving it in the hands of the hosting provider. Additional security is required to provide the assurance that your critical information is protected in the same way as when it was on premise.

Until next year…

If you’re interested in learning more about working safely with cloud collaboration tools, we’ve put together a document to help in creating a secure collaborative environment – outlining a framework for secure collaboration that can help organizations remain agile and secure.

By Dr. Guy Bunker @guybunker