"We are also expanding in the U.S., and to give our American users a bit more assurance, we plan to go through a SOC2 Type II audit. A clean audit report is another thing I'm hoping for 2015.
"We trust our existing security controls and the information security management system is in good shape to be awarded these certifications. However, it may not always be the case for our contractors. We work with data center service providers that own state-of-the-art facilities with physical and environmental controls that go above and beyond the industry standards. But that does not mean they are certified by an independent third party. And when they are not, it's up to us to make sure they play by the rules. It would be so much easier if they carried certifications for the services they offer, saving us the time and audit money. So my biggest wish for 2015 is that our data center service provider gets an ISO 27001 certification and a SOC2 Type II Audit report!"
Richard Greenberg, information security officer at Los Angeles County Public Health
"My first wish is for companies to thoroughly test software releases before release to customers, reducing the need for patching and fixes, processes that bring all sorts of problems. Clearly this is a wish, but one where we, I am sure, can all join in together. Oh, and what about 'secure' software development by these same companies? Wouldn't that be an amazing wish come true? We engage in a very varied security awareness program, but I am closing my eyes every day and wishing that no one clicks on those darn pesky links! Phishing is becoming more rampant than ever, and a large problem for all companies and organizations. As long as I am wishing, how about an office with a huge bay window?"
Roland Cloutier, CSO, Automatic Data Processing Inc.
"Complex analytics in a box. Security intelligence and analytics are big components of our program here at ADP. As we get smarter on how and where to use our significant capabilities with regards to data collection, we are seeing an increasing need for specified analytics to support multiple portions of our converged security program. When considering scaling independent point solutions for command-and-control identification, malware identification or fraud detection, driving critical outcomes becomes less cost-effective. Under the tree this year, it would be great to find a partner that provides modular pre-canned analytics that can scale to line speed across billions of events and with vendor-supported artificial intelligence, coupled with machine learning algorithms designed specifically for my environment.
"Line speed cross-platform encryption for data access and data use. As we redefined the way we deliver data, content and services to our clients, we are driving an agenda that demands total end-to-end encryption with tokenized access management even at the service & support level. I can only hope that the man in the red suit sees my name on the 'good list' this year and helps [deliver] an automated encryption technology platform that can support client transactions, service bus platform management, security interrogation, and other functions across multiple product sets under one globally managed and redundant encryption provider. Will that fit in a stocking?"