What are your top three recommendations to security professionals in order for them to maintain or improve organisational security?
First, understand that there are limitations to implementing tactical and reactive defenses against cyber-attacks. In today's world, it is no longer sufficient to adopt a corporate-wide defense based on historical technologies. In Check Point's view, utilising what we call "Software-Defined Protection (SDP)" is a much more effective approach that integrates security with business processes, delivers real-time protection to enforcement points, and inspects incoming and outgoing traffic and enforces protection.
Second, educate your users relentlessly on how to secure data, and ensure these security policies in an innocuous a manner as you can.
Third, think global and tap on the resources of the world so readily available to any administrator, to ensure that your network and data defense is always keeping in step with the industry as well as the emerging threats out there. For example, the Check Point ThreatCloud integrates global security information to provide up-to-the-minute security intelligence that can help administrators stay current with any and all threats.
How do you foresee the future landscape of security in the enterprise setting?
Judging from past and recent history, cybercrime is going to get worse. With issues like OpenSSL and GnuTLS vulnerabilities in the news recently, what was perceived as secure may or may not be, and that is extremely worrying given that e-commerce and secured portals power many businesses today.
Another area that is increasingly important to be security ready is mobile devices. Already, tablets have replaced some desktop and even laptop computers for users, and smartphones have replaced even tablets or some computing devices for some users in various usage scenarios, and this trend will continue with smartphones having the computational power of supercomputers of old. Mobile security is still nascent and not many administrators have taken advantage of existing and emerging security technologies that can secure such mobile devices. That needs to change, and soon, given that a great majority of people today own smartphones.
Lastly, another area that needs serious examination is the progressive migration to cloud technology. With many corporations outsourcing their IT processes and technologies to large cloud providers, the key question remains whether such cloud providers can continue to stay on top of security for their paying customers, given that security lapses for cloud services are not unheard of.
Sign up for CIO Asia eNewsletters.