Security best practices: CIOs from IBM, Intel, and Symantec share their lessons learned
The importance these days of protecting your business from security threats
is clear. But how to do it well often remains a vexing problem. Major IT vendors
have faced this challenge like everyone else -- but with a twist. As providers
of security technology and IT systems vulnerable to threats, they've had to
stay a step ahead of everyone else. That's why CIOs of technology stalwarts
IBM and Intel
and security technology provider Symantec
have taken on security management as one of their key functions.
These CIOs have had to do more than take on the usual responsibility for driving
their respective companies' efforts to defend their infrastructure, employees,
and corporate reputations from any fallout related to data breaches or compliance
violations. They've also had to be the in-house beta testers for a generation
of new technologies their organizations hope to sell to customers. This balancing
act demands more of their time and energy now than at any other point in their
careers, all of the executives said.
Security affects all of it
"When I look at the risks here at Symantec, I know that we have to maintain
a multilayered approach to protecting our IT assets: our ERP data, intellectual
property, customer data, and personnel data. Managing the risk around all of
that is a significant responsibility for me and my team," said David Thompson,
CIO at Symantec.
"We have multiple large pools of information that are critical to our
organization, and we're seeing more of that data move further toward the boundaries,
toward the end points," he said. "My job is getting more data into
the hands of our business units, but that creates a lot of risk in terms of
where it goes, who has access to it, and what they are using it for, along with
the risk of it being exposed."
Even Thompson, who ranks his ability to "eat Symantec's own cooking"
-- or use all of its security and compliance technologies -- as a huge advantage
compared to CIOs working in other firms, admits that trying to keep up with
all of the threats and regulations, as well as all the new products, is an effort
that can become all-consuming.
The key to staying ahead of the attacks and laws, while not spending too much
of his time focused on security, is delegating to a strong team of experts and
prioritizing which projects to tackle based on their criticality to Symantec's
business. "As a business leader and IT executive, if you take the view
of trying to fix everything, you'll never sleep a wink. You have to assess risks,
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Crimeware: Understanding New Attacks and Defenses
By Markus Jakobsson, Zulfikar Ramzan
Published Apr 6, 2008 by Addison-Wesley Professional. Part of the Symantec Press series.
Enter now! | Official rules | Sample chapter
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
By Peter Thermos, Ari Takanen
Published Aug 1, 2007 by Addison-Wesley Professional.
Enter now! | Official rules | Sample chapter
