Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

Information Security Promises Are Made To Be Broken

Home
Industry Insights
Information Security Promises Are Made To Be Broken

Blog Article Published: 08/25/2016

By Mark Wojtasiak, Director of Product Marketing, Code42

fingerMorality insists that people will abide by the law and do the right thing; those promises have and will always be broken.

Code42, along with almost every other major player in the information security space attended Black Hat 2016 in Las Vegas. Like every other Vegas trade show, Black Hat’s expo hall featured video screens, beer, popcorn and soaring banners over circus-sized booths. Nearly every booth offered sweet swag and some, a chance to win cash if you listened to their well-rehearsed threat warnings and the promise that their indispensable technology would identify, stop, detect, prevent, extract, decode, crack, and protect the enterprise against an army of intruders or individual bad actors.

Taking it all in, I came to one realization: security marketing is flawed. Booth to booth, banner to banner, sign to sign, even pitch to pitch, security decision makers are fed “information security promises” that we all know we just cannot keep. It’s not due to a lack of honesty, but a lack of velocity. We all know the bad guys are more nimble and collaborative, and they move faster to exploit vulnerabilities in software. We know it will be days, weeks, even months before we can detect and respond. It’s at the core of why the security industry exists in the first place. This is why we have BlackHat, RSA, DEF CON, InfoSecurity World, Gartner Security Summits, Cyber Security Summits, and dozens of other events.

How do we start to fix the flaw?

  1. Extend a hand: Dan Kaminsky in his keynote at BlackHat, evangelized a message that flies in the face of the competitive tradeshow landscape. He suggested—in lieu of competition—that information sharing about the endless supply of cyber threats would work faster to counter them. Our need to make things secure and functional and effective has just exploded…the need to cooperate, share code and fixes in the name of better security is now.
  2. Empower the user: Kaminsky went on to say, “people think that it’s a zero sum game, that if you’re going to get security everyone else has to suffer. Well, if we want to get security, let’s make life better for everybody else. Let’s go ahead and give people environments that are easy to work with…think in terms of the lines that you’re impacting, the time that you’re taking…”
  3. Enable the experts: Deloitte Cyber Risk Services researcher Keith Brogan told Infosecurity Magazine, “Sometimes products don’t work. But more often, they’re not being used correctly…organizations don’t always focus on how to use the products to enable business…people need to take threat intelligence, give it to the right people, and use it in informed, considered ways.”
  4. Embrace the reality: Dan Raywood, wrote in Infosecurity Magazine about Arun Vishwanath, associate professor at the State University of New York in Buffalo, who says people are the problem, that “the bad guys are really good at the social side and people are easier to compromise and once compromised, those attackers have got the keys to kingdom and that is the reality we grapple with.”

Modern endpoint backup is a good first step to making good on information security promises. Heck, that’s one of the main reasons Code42 exhibits at the likes of RSA, BlackHat and Gartner events. With visibility and control of data on the endpoints, organizations can protect and monitor data movement and restore data following any data incident. Modern endpoint backup is continuous, automatic, silent and simple. The user is empowered to not only protect data they store on their laptops, but restore when things go bad.

Securing end-user data makes the organization more secure and functional and effective—immediately—and closes gaps between IT, Security, Legal and HR teams to expose insider threats. By implementing this fundamental security layer, organizations embrace the reality that data loss is inevitable and that end users are both the target and the culprit of data theft, loss and breach.

Download The Guide to Modern Endpoint Backup and Data Visibility to learn more about selecting a modern endpoint backup solution in a dangerous world.

Share this content on your favorite social network today!

Latest from CSA
AI Summit at RSAC 2024
The State of AI and Security Survey Report
Data Resiliency Survey 2024
Trending This Week
#1 What is the Cloud Controls Matrix (CCM)?
#2 Zero Trust and AI: Better Together
#3 Test Accounts: Another Compliance Risk
#4 AI Safety vs. AI Security: Navigating the Commonality and Differences
#5 Is PQC Broken Already? Implications of the Successful Break of a NIST Finalist
Enhance your cloud security skills with CSA's online training options.