LAS VEGAS — The importance of creating a defensible information security strategy and why it might make sense to migrate graphics workloads to the public cloud were highlighted by Kroll and Teradici representatives at the Content Delivery and Security Association (CDSA) Cybersecurity and Content Protection Pavilion April 25, during the NAB Show.
When Kroll security experts meet with clients to help them set up security strategies “we just try to focus on the critical issues because you can get bogged down in a lot of unnecessary details” otherwise,
Erik Rasmussen, Kroll managing director, North America Cyber Practice leader, said, during a session called “Creating Defensible Information Security Strategies.” And he stressed the importance of being “proactive” by setting up that strategy “before a breach, rather than after the breach” has happened.
Companies must have a security system in place that is “resilient,” he said, adding: “You don’t have to spend a quarter of a billion dollars, but you can’t have nothing” in place to handle a security breach “because an incident will occur.” If “reasonable measures” are implemented for that security system, a hacker would have to use “extraordinary” methods to enter a network and do significant damage to a company’s system, he said.
It’s important to have a security “framework” in place, as well as trained employees and executives on hand to deal with breaches at a company, he said, pointing out: “An entity is going to be compromised” and you must figure out how to deal with it. He compared it to the proactive steps that people take to maintain their bodies to guard against health problems.
Every business has intellectual property it must protect and each industry has its own set of “crown jewels” it needs to protect above all else, he went on to say.
When setting up the security system, “360 degrees of protection” are needed to combat suspicious activity seven days a week, around the clock, he said. It’s also helpful for companies to know where any devices that may be used and compromised are located, as well as who those devices are assigned to and exactly what’s on those devices, he said.
“Tiered frameworks are also very important” to have in place for a company’s security system, and it’s important to test the maturity of systems that have been set up, he said.
One thing for companies to be careful about is placing too much trust in technology in and of itself, he went on to say, telling attendees: “People think that by buying widgets and by putting things on their network, that’s going to solve your security problem, and nothing could be further from the truth.” Such security technologies that companies can purchase may help “supplement” one’s security system, but alone can’t be the complete solution, he said, adding: “People and processes also need to be air-tight in order for technology to work properly.” He noted that he’s seen breaches where a $5 million security tool has been “improperly built,” and may not have caused a breach, but also didn’t help and may have even got in the way of identifying a breach that occurred in a timely manner.
Teradici’s PC-over-IP (PCoIP) technology, meanwhile, can be used by companies to securely migrate their graphics-intensive workloads and applications to the public cloud, Mirela Cunjalo, senior product manager at that company, said in another session, called “Security and Other Key Considerations for Migrating Graphics Workloads to the Cloud.”
PCoIP “enables unprecedented security because no data, applications – anything like that — leaves the cloud,” she told attendees, adding: “Only encrypted pixels leave the cloud.””
Media and entertainment companies are among the many growing number of organizations that are moving to the public cloud, she noted. Factors that companies should consider when deciding whether to move to the cloud include whether their work forces are expanding, including contractors, she said, adding: “Public cloud is really good for that,” and can help people at those organizations to quickly start working on projects. Companies should also consider moving to the cloud if they have large data sets and need a lot of people from multiple locations who need to access that data, she said.
Other factors that must be considered are the networking infrastructure that a company has, whether it has enough bandwidth, and whether it has in-house IT expertise to build its own data center, she said. If it doesn’t have the latter, then the public cloud becomes an “ideal” solution because it’s “much easier to manage your environment” there and it can take a shorter amount of time to get started, she said. Financial considerations, including whether it makes more sense to rent or buy equipment, must also be taken into account, she said.