Focus On Cyber Security: Ed Dubrovsky, OnX Enterprise Solutions

What do you think is one of the biggest misunderstandings about cyber security?

It is challenging to identify just a single item. Ultimately, what I am seeing all too frequently is that organizations are treating information security as a sprint rather than a marathon. The approach to both differs quite significantly. All too frequently, organizations tend to focus on the latest point-solutions in the belief that these solutions will offer a “quick fix” thereby increasing their overall costs and already complex and difficult to manage security portfolios, while frequently failing to fully deploy or utilize these same solutions. There is not a single information security solution that is meant to be a set-it-and-forget-it. Information security constantly evolves with the threat landscape and organizations need to adapt by having a clear long term strategy, one that can be measured and tweaked.
 
How important is it for physical and IT security professionals to work collaboratively?

Physical security is an integral part of information security and should never be neglected. It makes little sense to invest all available resources in securing information assets from digital attacks, and leaving a physical door to the data centre wide open. Motivated attackers will not hesitate to exploit a physical vulnerability if there is sufficient incentive in place.
 
What will be some of the more important takeaways from your session?

My session will focus on securing digital assets. The well defined security perimeter of days past is gone, and in its place, we have an increasingly complex and transformed enterprise ecosystem. Where before we had one location, with perhaps a firewall (and some additional controls) protecting the environment, today’s enterprise applications can be served from multiple locations, cloud environments and accessed by traditional and non-traditional means such as notebooks, remote users, via mobile smartphones/tablets etc. There is a strong shift from IT making decisions around how to serve applications to the organization and into the lines of business making such decisions. The increased complexity requires organizations to move to a data-centric perimeter approach, which I will expand further upon during the session.