Google+ Followers

30 Day Pageviews

Sunday, November 22, 2015

The future of data security: An interview with Dell Fellow Tim Brown

The Dell Fellows program recognizes engineers for their outstanding and sustained technical achievements, engineering contributions and advancement of the industry. They are also seen as top innovators that have distinguished themselves through ingenuity, intellectual curiosity and inventiveness in the delivery of technology solutions. For these reasons and more, I couldn’t pass up the opportunity to speak with Timothy G. Brown, Executive Director Security and Dell Fellow. During our broad-ranging discussion, Tim shared with me his exciting view of security in the not too distant future.

Kevin Jackson: Tim, I am very pleased to meet with you today. Thank you for taking the time.

Tim Brown: No problem Kevin, The pleasure is all mine.
Jackson: Before we look into your crystal ball, would you please explain your role at Dell?

Brown: Sure. I’m a Dell Fellow, one of eight Fellows across the company. We focus on looking at the future of technology and how we can innovate to make Dell better. My primary focus is on Dell security solutions.

Jackson: What has changed in the cybersecurity marketplace over the past 12 months?

Brown: There are many changes going on in the marketplace. Not only are the adversaries changing, but products and solutions for protecting enterprises are also changing quickly. In security, change is driven by those forces looking to gain access to our customer’s data and information. That adversary is getting more focused, delivering more crimeware, perpetrating more targeted attacks and testing new criminal business models.

Jackson: Do these so-called adversaries operate as a business?

Brown: They absolutely do. These groups are running multi-billion dollar businesses with a main goal of keeping that money flowing. They continually make investments in finding new models. The cash flow from one of their current models, stealing credit cards and associated information, is now weening off due to effective actions across the credit card industry. Today’s alternative payment models are making it much harder to turn credit cards into cash. This is why we now see things like ransomware. That is a harder type of attack but it has been effective in delivering more revenues. On the defensive side, analytics, more robust identity management and encryption are being more broadly used.

Jackson: What is the number one cybersecurity challenge facing your customers and partners today?

Brown: One of the biggest challenges is the lack of security professionals. There is negative unemployment in the field and companies are finding their openings very hard to fill. Five years ago, banks and large retailers employed most security professionals. Today every company in every industry needs them including your “mom and pop” corner store and the elementary school down the street. There are also technical challenges around selecting the right data protection software.

Jackson: So with the shortfall in cybersecurity professionals will Dell capitalize on the opportunity by becoming a security staffing agency over the next 12 months?

Brown: Maybe not a staffing agency but our industry leading managed security solution, SecureWorks, has actually helped our clients address their staffing shortfall. In fact, the rapid growth of SecureWorks is being primarily driven by that solution’s ability to do the grunt work associated with monitoring the firewalls and networks. At the same time, we’ve developed advanced software that monitors and updates Sonicwall devices. Constantly done in the background, this ensures that the latest intrusion detection, anti-virus and malware signatures are always deployed. Secureworks, by the way, also has a staff augmentation offering.

Jackson: So Dell is reducing security staffing requirements through the use of advanced software.

Brown: Yes! We deliver intelligent software that can be deployed, managed and used efficiently by your existing staff. We are not telling you to buy our software and hire three more people because that doesn’t work in today’s environment.

Jackson: You seem to be approaching the problem just as your customers and partners would.

Brown: Gone are the days when if an enterprise had a problem, all they needed to do was to throw more people on it. Companies need to be judicious with their human assets so our solutions help organizations operate in a more efficient manner. We help your staff focus on the most pressing issues at hand. This allows you to apply human ingenuity to those issues that require it, leaving the mundane and business as usual stuff to the software. What’s also surprising is the number of security “greenfields” we are seeing now. These are organizations that have not had any significant cybersecurity programs in the past and that are only now putting something in place. This has been more pronounced in education and healthcare industries.

Jackson: At Dell Peak Performance we heard that enterprises have suffered over $600B in cybersecurity losses this year against just a $200B investment to protect against these losses. What should senior decision makers and IT professionals learn from this statistic?

Brown: Organizations apply resources to those things that are important to them. In the past security just simply hasn’t risen above the many other priorities. Even with new regulatory requirements in effect, companies are minimally applying resources. Instead of having these precious security resources being spread thinly across the enterprise we help organizations develop and deploy in a focused manner. This gives them more value for their dollar and actually can deliver better results than before. It’s much easier to protect 50 things very strongly than it is to protect 5000 things weakly.

Jackson: With respect to cybersecurity, do you have any industry specific insights that you can share?
Brown: For me, healthcare immediately comes to mind because the industry as a whole is dealing with the challenges of electronic healthcare records. I was recently supporting a customer that had a data cable cut somewhere on their campus. Lack of access to electronic healthcare records prevented them from discharging patients for over 36 hours. So you can see how important securing that data while also maintaining redundant access is so important.

Healthcare records also need to be shared between multiple hospitals and multiple healthcare providers. This access must be managed and controlled so that privacy and personally identifiable information is protected. From a commercial perspective, the healthcare industry will also be among the first industries dealing with the “internet of things”. This is not only being driven by the changing nature of home healthcare and a rapid rise in the use of home healthcare monitoring devices, but also from the rising population of healthy seniors.

Imagine the value of an internet connected coffee pot owned by my parents, who are 87 and 89. In the very near future it could come on in the morning between 8:30 and 9:30 and send me an alert that everything is normal. To me, this coffee pot represents a non-invasive way of checking on them. If I don’t get that notification in the morning, I’m immediately on a plane finding out what’s wrong. These types of models can be integrated into the healthcare system, keeping the elderly healthy and more comfortable in their home. In this way healthcare and IOT will be both a showcase and a challenge when it comes to IT security.

Jackson: As a technologist dealing with the Internet of Things, healthcare information privacy and cross-border requirements share healthcare information, how do you deal with the different national and local laws?

Brown: National laws today are extremely difficult because they are based on data sovereignty rules. In some instances, these rules prevent the transportation of data outside a country’s geographic border. To make this better, laws will probably need to be changed in some way and I believe that the use of software based encryption to protect information will be part of our future. From a regulatory perspective, this will require endpoint protection and approved processes for disassociating data access from system access. I can also imagine limited access to the encryption key which, with an individual’s permission, would limit data access to one or two specified individuals. These types of enhancements require an ability to attach data access policies to the data itself. While no data protection silver bullets exist today, the next few years will be very interesting.

Jackson: Do you have any final comments or specific recommendations for corporate decision makers?

Brown: Today’s data security landscape is less scary than it is exciting. Just think about all the things we can do better today than in the recent past. We can help the elderly stay healthy at home for a longer period of time and we can enable identity federation across many different companies. These capabilities create new opportunities and new business models. Today’s CEO therefore needs the right security partner. One that stands ready to answer the hard questions and ready to discover answers that embrace the new future of business.

Jackson: Thank you, Tim.

Brown: You’re welcome, Kevin.

This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.


Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2015)

Thursday, November 19, 2015

Hybrid IT Governance: Automation is Key

As cloud computing continues to grow in importance, enterprises are now facing a new realization.  In their almost rampant embrace of cost savings associated with public cloud, many are just now understanding the information technology governance challenge posed by vastly different traditional and cloud computing operational models.  Often referred to as hybrid IT, supporting both models has left many executives trying to cope with a lack of hybrid IT operational experience.  Challenges can also include security concerns, financial management changes and even dramatic cultural changes.   

This myriad of challenges translate into enterprise risk across multiple levels, namely:

  • Organizational management and governance;
  • Accelerating business process speed and scope;
  • Expanding business partner ecosystem; and
  • Broadening enterprise information system user base.

To be successful, organizations should explicitly address these risks with a focused risk management strategy.  This strategy should not only address holistic activities that integrate across the business, but also on coordinated activities for overseeing and controlling high impact and high probability risks.  Some areas may even warrant organizational policy and governance enhancements include:

  •  Delegation of management decision authority to those responsible for everyday interactions with the organizations business ecosystems and IT supply chain
  • Establishment and communication of cloud ecosystem related risk tolerance through Service-Level Agreements (SLA), including delegated authority on decisions that impact the risk tolerance;
  • Near real-time monitoring, recognition, and understanding, of information security risks arising from the operation and/or use of the information system leveraging the cloud ecosystem; and
  • Organizational accountability around incidents, threats, risk management decisions, and solutions.

Figure 1: Risk Management Framework (NIST SP 800-37 Rev. 1)
Specificity around security processes, business resilience and financial management are paramount.  The dynamic and agile nature of modern business also demands using a relatively high degree of automation in supporting multiple business functions including:

  • Customer demands for multi-channel and multi-device interaction;
  • Expanding dynamic global IT requirements;
  • Operational business decision support;
  • Enforcement of organizational governance;
  • Operational flexibility through business ecosystem API; and
  • Internal demands to deliver on the promise of IT-as-a-Service.

When automating governance and control, organization should, as much as possible, enhance:

  • The discovery and documentation of existing public cloud resources;
  • The enforcement of data and access management security policies;
  • Monitoring and reporting of all governance processes;
  • Cost controls and budget management processes; and
  • Evaluation and selection of application “cloud readiness”.

Companies that fail to automate these key processes, will not realize the operational efficiencies and agility of hybrid IT platforms.  They will also fall behind their competition, eventually to the point of irrelevance.

Exemplary of a successful transition was when a leading, Fortune 500 nutrition, health and wellness company decided to migrate applications from two end-of-life data centers.  During their initial evaluation, the enterprise found that moving to a Hybrid IT model — a mix of private cloud, public cloud and physical assets — would help them solve problems that were hindering their competitiveness.  With the expertise of a top system integrator, the enterprise transitioned to a cloud brokerage solution. This solution automated their IT governance by tying planning, consumption, delivery, and management seamlessly across public, private, virtual, hosted, and on and off premises resources. Gravitant’s cloudMatrix solution was identified as the only purpose-built solution for Hybrid IT.  Using this solution, the enterprise enhanced IT governance, reduced operational risk and transformed its IT services model from a high-cost, inflexible physical data center model into a next generation, pay-per-use model.

In accomplishing this transformation, cloudMatrix provided:

  • A seeded catalog of the industry’s leading cloud infrastructure providers, out-of-the-box without the overhead of custom integration.
  • A marketplace where consumers can select and compare provider services, or add their own IT-approved services for purchasing and provisioning.  Consumers can use a common workflow with full approval processes that are executed in terms of minutes not weeks.
  • Reporting and Monitoring that includes multi-provider consolidated billing estimates, actuals, and usage projections for accuracy and cost assignment.
  • A visual designer that includes sync-and-discover capabilities to pull all assets (VMs) into a single, architectural view and management standard.
  • Integration with service management and ticketing systems through an API framework.

In only six months, the enterprise was able to move its workloads from the existing data centers, to a Hybrid IT (private, public and physical) delivery model and provide self-service IT to business units with cost and usage transparency.  IT cost, which had previously categorized as a general percentage of overall IT spend assignment, is now available by virtual data center, service/application, and usage — permitting reporting and governance at a “cost-per-business unit” level.

( This content is being syndicated through multiple channels. The opinions expressed are solely those of the author and do not represent the views of GovCloud Network, GovCloud Network Partners or any other corporation or organization.)

Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2015)

Thursday, October 29, 2015

Endpoint device management: Protecting the enterprise front door

Mobility and cloud computing have combined to obliterate any so-called network security perimeter. Corporate data has now been let loose to roam in a world of cyber thieves, manipulators and untrusted infrastructure. What is a security professional to do?

According to Bill Odell, the Dell Vice President of Marketing for Endpoint Device Management, you need to protect the enterprise front door. Since devices are the network’s gateways, endpoint device management is now the key to protecting your enterprise data. That is why I was truly excited to speak with Bill at Dell Peak Performance in Las Vegas earlier this year.

Bill Odell, VP of Endpoint Device Management marketing

Kevin Jackson: Bill, I am really honored to get some time on your schedule today. Could you please explain to my readers your role at Dell?

Bill Odell: First Kevin, thank you for interviewing me today. I run marketing for Dell end-point device management. We provide solutions that help our customers manage and secure anything from a laptop or a PC to their servers, mobile devices and smartphones. With the explosion of different networking devices our solutions have now expanded to include printers, IP phones, network switches or anything else that may come online in the future.

Jackson: Sounds like your day job is the Internet of Things. With the advent of this new vision of the Internet what has changed with respect to security on these new types of end points? I imagine the proliferation of network-connected devices is really driving new cybersecurity challenges.

Odell: That’s exactly right, Kevin. Some have predicted that 50 billion devices and objects will be connected to the Internet by 2020. That type of environment absolutely changes the way companies deal with security. Trying to lockdown a windows PC is bad enough, but now you need to worry about other operating systems. This realization has changed our opinion on what Dell needs to do. Today our solutions help customers securely operate in this new world by identifying and profiling devices when they join your network. Through a single pane of glass, our solution will tell you what devices are connected, where they are connecting from and if they are owned by the corporation. This really helps when people are free to connect their own personal device to the company network.

Jackson: You mentioned that Dell solutions can actually profile the end point devices. I imagine this is an important capability when dealing with events like the recent Windows 10 launch. As the different device types and operating systems proliferate, what is the number one cybersecurity challenge being faced by your customers and partners today?

Odell: Every endpoint is a point of attack. In fact, many of the recent well-known attacks have started from point-of-sale terminals attached to the network. That is why our solutions are built around delivering three important features.

First, we continually assess the network environment. This means not only knowing what devices are on the network but also their configuration. By comparing device configuration with the company standard, our software can immediately detect any changes or modifications. Users love to customize but a change may reduce the security of a device. To maintain a required security level, companies need to keep tight specifications and an ability to dynamically monitor device configurations is critical. Second, we scan for any outside intrusions. We do this dynamically on all connected devices. Third, we maintain a consistent patching regimen. This is an age-old defensive process but some customers simply lack the resources to keep this necessary activity up to date. I actually had a customer who serves as the CISO at a major university tell me that they didn’t do anti-virus patching because attackers on the offense were simply faster than they were on the defense. This “drive-by malware” reality emphasizes the need for continuous patching on anti-virus and all your other application as well.

Dell integrated endpoint management solution 

Jackson: Dell’s portfolio sound very comprehensive and complete so how do you plan to improve it over the next 12 months?

Odell: Security is an ever moving target. A breach isn’t a matter of “if” but of “when” so companies should focus on building up their ability to detect breaches ahead of time and hasten their breach response protocol when it occurs. That is exactly why Dell brings a broad portfolio to bear on this issue. Everything from Advance Threat Detection with SecureWorks and network protection with Sonicwall through endpoint protection with KACE and encryption down at the data level. The trickiest aspect of endpoint protection however, is the lack of configuration management APIs for non-standard network devices and operating systems. As those devices and operating systems become “smarter”, we will update our software and solutions to further enable more dynamic and interactive endpoint management.

Jackson: We all look forward to those new capabilities. At Dell Peak Performance, we heard that enterprises have suffered over $600B in cybersecurity losses against just a $200B investment to protect against these losses. What should senior decision makers and IT professionals learn from this statistic?

Odell: This is a tough problem that requires constant vigilance and lack of endpoint security provides a major thoroughfare for these losses. The Canadian Cyber Incident Response Centre (CCIRC) recommended four mitigation strategies which, according to them, could prevent as much as 85 percent of targeted cyber-attacks. The four strategies are:
  1. the use of application whitelisting,
  2. patching of applications,
  3. patching of operating systems, and
  4. more restrictive administrative privileges.
 All of these protective measures can be implemented through effective endpoint protection policy and enforcement. These strategies, originally developed by the Australian Government, were also endorse in May 2015 by the US Computer Emergency Readiness Team (US-CERT). Endpoint device protection represent “table stakes” in this cybersecurity game. As time goes on, we will get better in the understanding of related analytics and in the recognition of threat patterns.

Jackson: I now envision you as a bouncer standing at the enterprise front door protecting it against that 85 percent of targeted cyber-attacks. What industry-specific insights have you learned while fulfilling that role?

Odell: From our business perspective, the top two industries are education and healthcare. Part of that is because our solutions are very comprehensive and at the same time, easy to use. In education, since school districts can’t afford to give every student a laptop or tablet, “bring your own device” is the most important challenge. Much of the curricula and many tests are accessed using personal devices over the school network. We help educators securely leverage technology while maintaining an online environment that’s also conducive to learning.

In healthcare we not only deal with regulatory issues around Personally Identifiable Information (PII) and the Health Insurance Portability and Accountability Act (HIPAA) but also aspects associate with smart patient monitoring devices connected to the hospital network. In that environment, we give hospital administrators an ability to inventory, locate and manage all of the hospital’s patient care devices from a single console. We secure not only the device but the patient status data as well.

Jackson: In the not too distant future I may sport a Dell KACE managed pacemaker in my chest. So Bill, do you have any final comments or specific recommendations for corporate decision makers?

Odell: With the proliferation and explosion of smart devices and systems, decision makers must not forget about protecting their endpoint devices.

Jackson: In other words, protect that front door. Well, thank you, Bill for sharing your time with us today.

Odell: Thank you, Kevin. I enjoyed it.

This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.

Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2015)

Friday, October 23, 2015

20 hybrid cloud insights from top industry experts

One cloud does not fit all organizations.

That’s true whether it is a public or private cloud. A hybrid cloud option allows your business to create  a custom solution that fits your organizational needs.

However, there are always questions with new solutions. We reached out to industry thought leaders to answer some of the marketplace’s most pressing questions on hybrid cloud.

In this eBook, you’ll learn why thought leaders like Kevin Jackson, founder and CEO GovCloud Network, look at hybrid cloud from the viewpoint of hybrid IT. You’ll also hear from Shelly Kramer, co-CEO, V3+Broadsuite, on what CIOs need to consider when adopting hybrid cloud.

Data security is also top of mind for today’s IT professionals. Eric Vanderburg, director of information systems and security, Jurinov, Ltd., and Bev Robb, publications manager, Norse Corporation, use this project to address security when moving to a hybrid cloud option.

More on hybrid cloud.

(Dell sponsored this article)

Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2015)

Tuesday, October 13, 2015

Security requires long haul planning

On Tuesday, October 6th, the European Court of Justice (ECJ), invalidated the U.S./EU Safe Harbor Framework. This framework, in place since 2000, gave blanket permission to data transfers from the European Union to the United States. The ruling means that national data protection authorities can now review such data transfers on an individual basis. It also complicates many aspects of data security for any enterprises doing business across the Atlantic Ocean.

This recent ruling highlights the value of having a strong security partner shepherding your enterprise through these types of perturbations. Luckily during Dell Peak Performance in Las Vegas, I had the opportunity to discuss the importance of such a partnership with Bill Evans, senior director of product marketing for Dell’s Identity and Access Management businesses.

Photo courtesy of Bill Evans
Kevin: Bill, thank you joining use today. What is your role at Dell?

Bill: Thank you for the invitation, Kevin. I work in the product marketing group within Dell Security. Specifically I support the Identity and Access Management product portfolio.

Kevin: Identity and Access Management is a very important aspect of cloud security. What has changed in the IDAM (identity and access management) marketplace over the past 12 months? The proliferation of devices seems to be the Achilles heel to having secure IT.

Bill: Historically, when it came to IT, everything was centralized. The mainframe, the client-server model and desktop computers were all contained within a company’s network perimeter. That perimeter is now gone and organizations are now trying to deal with an IT world that has no boundaries. A recent analyst report actually stated that identity is now the new perimeter. Protecting the network from intrusion, malware and other threats is still as important as ever. Additionally though, companies need to work harder to control access to data and applications. The focus is not only on outside hackers trying to get in but on the malicious insider as well.

Kevin: With identity and access management as the new boundary for now and into the foreseeable future, how do your customers step up to this formidable challenge?

Bill: Above all, leaders and managers need to be intelligent about the investments they make in this area. This also means avoiding reflexive “knee-jerk” reactions. The first step of the process is conducting an inventory of their current infrastructure. It’s actually impossible to protect every piece of data and frankly, they don’t need to waste money and effort trying to do so. Companies do, however, need to categorize and strongly protect data that is important. Things like personally identifiable information (PII) or healthcare records need to be isolated and surrounded with strong access controls. We call this process prioritizing the need which means developing plans that protect the most sensitive data by using the strongest operationally practical protections. Organizations are then in a position to assess available tools for implementing the needed protections. Dell’s portfolio not only provides solutions for today’s problems, but it also delivers a platform that can address future needs and challenges. Security is not a one-time project so we partner with our customers over the long haul. Making intelligent business decisions across all available technologies is key.

Kevin: You’ve outlined an approach that includes infrastructure deployment decisions in combination with a sort of data triage process. I’ve also been impressed with the breadth and depth of Dell’s security portfolio. With that said, what issues are top of mind for you and the Dell security team. Which of these issues are you planning to address over the next twelve months?

Bill: That’s really a great question. The thing we’re looking at very closely right now is the impact that security has on user productivity. To be honest, on a scale from one to 10, a security and risk professional wants to turn the security dial up to 11. They want to secure everything with multiple credentials that all have very long passwords. Users don’t tend to like that approach, so if you go down that implementation path, people will generally avoid the issue by going around what they perceive as a “security hurdle”. This isn’t good for anybody, including the company.

So what we’re doing is applying some new technology that we refer to as the Dell Security Analytics Engine. Though the use of Dell’s uniquely broad security portfolio, the security analytics engine can enable context-aware security. This capability collects data in real-time from multiple security assets deployed across an enterprise. We can pull information from the Dell laptop as a managed or unmanaged device. We also extract data from the Sonicwall firewall on who is accessing what type of data from where. Data from Dell Secureworks also compares the scenario with blacklists and known threat signatures. All this information is then combined to deliver a context derived risk score to the Dell One Identity Cloud Access Manager. The access manager can then make a real-time decision on that connection.

Let me give you an example. If I log in on a Monday morning at 8:30 a.m. from the office with correct credentials, it’s a pretty safe bet that I am who I claim to be. On the other hand, this week I’m in Las Vegas at Peak Performance and will probably log in from my hotel room tonight at 9:00 p.m. The security analytic engine would flag that as being an unusual occurrence and Cloud Access Manager would interpret the higher risk score as a cue for stepping up authentication requirements. This, for instance, may mean using a one-time authentication token. If my credentials were subsequently used to login at on a Sunday at 2 a.m. from North Korea, the system would read that as a probable attack and block the transaction. The challenge is in finding that right balance between tight security and user productivity. Nine times out of 10, username and password is good enough. That tenth time, however, a little extra precaution is warranted. Users are generally willing to accept a security related inconvenience every once in a while so they won’t try to circumvent the controls. So in effect, the security team can adjust the security dials in real time.
Kevin: This seems to be a more balanced approach to security. At Dell Peak Performance we heard that enterprises have suffered over $600B in cybersecurity losses this year against just a $200B investment to protect against these losses. That doesn’t sound like a balance at all. What should senior decision makers and IT professionals learn from this statistic?

Bill: This really indicates how tough security decisions can be. While enterprises today are spending more money on security, they are also feeling worse about their security posture. Knee-jerk reactions contribute to this dichotomy. Executives, with the best of intentions but focused on addressing singular security issues, serially purchase disparate security products. These types of actions eventually lead to a patchwork of siloed security solutions. Between each of these perfectly effective solutions, however, you will find security gaps through which threats can invalidate a security strategy. As discussed earlier, we strongly recommend targeting a long-term goal with the understanding that the company cannot solve every security problem in one day. Success in this game requires partnering with a vendor that can not only address today’s issues, but also work with you to leverage a coordinated investments over time.

Kevin: With respect to identity and access management, are any specific industry verticals better positioned for this type of balanced approach? Are there any industry specific insights that you can share with us?
Bill: There is an interesting dynamic in play when it comes to user behavior and industry related expectations. While no one industry is easier or harder when it comes to data protection, they all have specific requirements related to their industry’s business model. While the requirements within industries like banking and finance are certainly different than those in healthcare, they all deal with the challenge of balancing security with the desired consumer community experience. In private, management will demand two-factor authentication throughout their respective user communities, but why hasn’t this proven control been broadly implemented? Multifactor authentication isn’t being widely used in the consumer space because of its intrusive impact on the consumer experience. A prospective customer’s decision to bank with Company A or Company B may ultimately be driven by how easy it is to get account information through a smartphone application. Daily decisions of this type forces a constant balancing between security and business needs. As consumers, we decide with our buying actions whether to accept the cost of improved security. Eventually, those same consumers will need to stand-up and state through their buying actions a willingness to pay for more robust security. We advise organizations to act smart by optionally offering enhanced security, now, because over time, all organizations will be moving in that direction.

Kevin: Do you have any final recommendations for the CEO dealing with this dilemma?

Bill: I would counsel all CEOs to start with research. You need to understand your infrastructure, thoroughly understand your threats and attack surfaces and plan for the long term. This will pay high dividends when selecting a security partner that can serve your needs as they morph and change over the long haul.

Kevin: Thank you, Bill, for your words of wisdom.

Bill: You’re welcome Kevin.

This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.


Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2015)