- Key Mistake 1: Separate Camps
- Key Mistake 2: Uncommon Standards
- Key Mistake 3: Treating Business Processes and Usability as an Afterthought
- Key Mistake 4: Inadequate Security Testing
- Moving Toward Confluence in Enterprise Security
Moving Toward Confluence in Enterprise Security
Enterprise security is a shared responsibility, and every employee has a role to play. In the C-suite, enterprise security should be positioned as a strategic business priority—worthy of board oversight, and properly resourced. Enterprise security decisions should not stand apart from business and operational decisions. Instead, form a diverse security team that can provide the foundation for movement toward integrated decision-making among stakeholders with security, business, and technical mindsets. Emphasize to all employees the importance of (1) maintaining proper security protocols to protect proprietary and sensitive data; (2) developing an awareness of company business, security, and privacy policies; and (3) understanding remediation procedures, including operational and ethical considerations.
Today's enterprise environment includes a dynamic interplay of technological and human-factor vulnerabilities. Adversaries are not only attacking device, network, and human vulnerabilities, but also exploiting weaknesses in the interfaces between them. This environment calls for a holistic approach to enterprise security—linking software developers, security experts, and line-of-business owners in confluence.
Specifically, implementing a confluence approach will assist software developers and security practitioners in overcoming obstacles to collaboration, managing the complexity of layered security, and integrating new applications within the existing security infrastructure. More broadly, as we move further into 2015, a year that will likely prove to be even more volatile than its predecessors, enterprises that adopt a confluence approach will be better positioned to address the key mistakes I've discussed here.