There is arguably no more important role today in Information Technology than that of Information Security. It’s a complicated landscape andthere is no silver bullet for solving or preparing for an incident. There is no “industry standard” like there may be for other divisions, like Hotel Management or Sales. There is not even consensus on the approach.
I have found it important to know what you are protecting and to take a specific and measured approach to each segment. You may have a need to protect a set of applications, websites or other hosted content. You may have a need to protect a server facility both electronically and physically. Additionally, you may be tasked with protecting a single person’s brand. I have yet to come across one piece of software, standard practice or company that can do all those things effectively. I think it’s important to look at them individually. Sure, it means managing multiple software platforms and various vendors in addition to establishing multiple standards for your teams to follow - and although there are obvious pitfalls that come with that, I don’t believe you can have comprehensive protection with the “one throat to choke” approach.
There are certainly vendors that excel at various segments like endpoint protection. Endpoint protection is the most established facet to Information Security. We use three that are terrific. It’s when you move past that to the more intuitive components of InfoSec that it gets tricky. I feel it’s here that companies get bogged down. It’s easy to lose focus of what you are protecting in the deluge of logs and data that programs provide. At the Trump Organization, we pay particular attention to the human element of Information Security. Working with various sources to understand the attack vector is importantto understand the vulnerability and customize the approach. Cyber attackers are increasingly prevalent and attacker goals range from denial of services and hunting for personal data to attempts to take over environmental systems and large-scale utilities.
IoT is becoming a more challenging landscape every day. Today’s workforce expects to have access to the most modern technology. In many cases, these are consumer grade products not designed to be integrated to a workplace infrastructure and thus the added complexity of having data points in so many places puts a real strain on the infrastructure to capture all the necessary data.
As much as we try to mitigate all possible problems, it’s almost inevitable that there will be an intrusion of some kind. It’s at this point that we really see what we’re made of. The importance of proper network segmentation cannot be overstated, as we have seen numerous breaches that have exploited poor segmentation over the last several years. This is an area where there is consensus of approach. There are many resources available to navigate this area. It is also key to have strong lines of communication among the Security, IT and Operations teams, as well as the 3rd party vendors. It sounds basic, sure, but it’s vital. It’s easy to get tunnel vision when you are focused on a task.
Information Security isn’t the most glamorous facet of Operations, but it is one of the most important and potentially the most rewarding!