Sunday, November 22, 2015

The future of data security: An interview with Dell Fellow Tim Brown

The Dell Fellows program recognizes engineers for their outstanding and sustained technical achievements, engineering contributions and advancement of the industry. They are also seen as top innovators who have distinguished themselves through ingenuity, intellectual curiosity and inventiveness in the delivery of technology solutions. For these reasons and more, I couldn’t pass up the opportunity to speak with Timothy G. Brown, Executive Director Security and Dell Fellow. During our broad-ranging discussion, Tim shared with me his exciting view of security in the not-too-distant future.

Kevin Jackson: Tim, I am very pleased to meet with you today. Thank you for taking the time.

Tim Brown: No problem, Kevin. The pleasure is all mine.

Jackson: Before we look into your crystal ball, would you please explain your role at Dell?

Brown: Sure. I’m a Dell Fellow, one of eight Fellows across the company. We focus on looking at the future of technology and how we can innovate to make Dell better. My primary focus is on Dell security solutions.

Jackson: What has changed in the cybersecurity marketplace over the past 12 months?

Brown: There are many changes going on in the marketplace. Not only are the adversaries changing, but products and solutions for protecting enterprises are also changing quickly. In security, change is driven by those forces looking to gain access to our customer’s data and information. That adversary is getting more focused, delivering more crimeware, perpetrating more targeted attacks and testing new criminal business models.

Jackson: Do these so-called adversaries operate as a business?

Brown: They absolutely do. These groups are running multi-billion dollar businesses with a main goal of keeping that money flowing. They continually make investments in finding new models. The

Thursday, November 19, 2015

Hybrid IT Governance: Automation is Key

As cloud computing continues to grow in importance, enterprises are now facing a new realization.  In their almost rampant embrace of cost savings associated with public cloud, many are just now understanding the information technology governance challenge posed by vastly different traditional and cloud computing operational models.  Often referred to as hybrid IT, supporting both models has left many executives trying to cope with a lack of hybrid IT operational experience.  Challenges can also include security concerns, financial management changes and even dramatic cultural changes.   

This myriad of challenges translates into enterprise risk across multiple levels, namely:

  • Organizational management and governance;
  • Accelerating business process speed and scope;
  • Expanding business partner ecosystem; and
  • Broadening enterprise information system user base.

To be successful, organizations should explicitly address these risks with a focused risk management strategy.  This strategy should address not only holistic activities that integrate across the business, but also coordinated activities for overseeing and controlling high impact and high probability risks.  Some areas that may even warrant organizational policy and governance enhancements include:

  • Delegation of management decision authority to those responsible for everyday interactions with the organization's business ecosystems and IT supply chain;
  • Establishment and communication of cloud ecosystem related risk tolerance through Service-Level Agreements (SLA), including delegated authority on decisions that impact the risk tolerance;
  • Near real-time monitoring, recognition and understanding of information security risks arising from the operation and/or use of the information system leveraging the cloud ecosystem; and
  • Organizational accountability around incidents, threats, risk management decisions, and solutions.

Figure 1: Risk Management Framework (NIST SP 800-37 Rev. 1)

Specificity around security processes, business resilience and financial management is paramount.  The dynamic and agile nature of modern business also demands using a relatively high degree of