Focus On Cyber Security: Ed Dubrovsky, OnX Enterprise Solutions
By Canadian Security
Ed Dubrovsky will be one of the featured speakers at Focus On Cyber Security on March 30 in Toronto. We asked Ed to provide a sneak peek at some of the major takeaways that attendees will learn from his session. For more on Ed and other speakers at Focus On Cyber Security, visit www.focusonseries.ca.
By Canadian Security
What do you think is one of the biggest misunderstandings about cyber security?
It is challenging to identify just a single item. Ultimately, what I am seeing all too frequently is that organizations are treating information security as a sprint rather than a marathon. The approach to both differs quite significantly. All too frequently, organizations tend to focus on the latest point-solutions in the belief that these solutions will offer a “quick fix” thereby increasing their overall costs and already complex and difficult to manage security portfolios, while frequently failing to fully deploy or utilize these same solutions. There is not a single information security solution that is meant to be a set-it-and-forget-it. Information security constantly evolves with the threat landscape and organizations need to adapt by having a clear long term strategy, one that can be measured and tweaked.
How important is it for physical and IT security professionals to work collaboratively?
Physical security is an integral part of information security and should never be neglected. It makes little sense to invest all available resources in securing information assets from digital attacks, and leaving a physical door to the data centre wide open. Motivated attackers will not hesitate to exploit a physical vulnerability if there is sufficient incentive in place.
What will be some of the more important takeaways from your session?
My session will focus on securing digital assets. The well defined security perimeter of days past is gone, and in its place, we have an increasingly complex and transformed enterprise ecosystem. Where before we had one location, with perhaps a firewall (and some additional controls) protecting the environment, today’s enterprise applications can be served from multiple locations, cloud environments and accessed by traditional and non-traditional means such as notebooks, remote users, via mobile smartphones/tablets etc. There is a strong shift from IT making decisions around how to serve applications to the organization and into the lines of business making such decisions. The increased complexity requires organizations to move to a data-centric perimeter approach, which I will expand further upon during the session.