The IT security landscape is changing every day and staying at the forefront is critical to protecting your business. We sat down with Involta’s Chief Information Security Officer, Annalea Ilg, to discuss some of the most pressing security challenges companies face today. In the first of our three-blog series, Annalea explores the importance of creating secure environments from the start.
What's the most important aspect of security? People, process, or technology?
Security needs to be addressed in layers, and all layers need to be in place for an organization to be successful. I’ve seen organizations buy a bunch of different security tools that end up “dying on the vine” due to lack of management. I’ve also seen strategies to “save a buck” by putting strong processes in place instead of buying tools, only to be bitten by human error. Technology and automation are the keys to a secure future. By putting the right tools, technology, and processes in place, you will empower your security support team so that they can focus on solving the big problems. This layered approach is the hat-trick to creating a secure environment.
How do organizations come to grips with the upward number of mobile devices that are managed and unmanaged in their network right now?
Mobile devices make your workforce more agile, and from a C-level perspective, organizations should be using as much Internet of Things (IoT) as possible because it provides efficiencies. As long as security and technology are aligning with overall business goals, IoT can be incredibly powerful.
From a security technology perspective, organizations should develop an overarching IoT platform. Start by creating a foundation and standards that align with business goals, and be sure that vendors and devices go through a security review process prior to being approved as a usable option.
One simple tip is to set up an IoT network that has a strong firewall role to enforce isolation of IoT and trigger awareness when a new device or vendor comes online. IT departments can also incorporate an internal digital search PKI solution to enforce identity management and device control. At the end of the day, hardening vulnerability management is key to securing any device on your network.
How do companies like Involta secure data so that it can’t be intercepted between on premises and the public cloud? Are there tools or procedures in place to protect the secure data?
Our approach supports a security-first mentality. First, all components in the data path are classified and secured based on function. Adding tool protections and monitoring is key, as well as enabling encryption technologies to support data in-flight. A direct connection, securing storage, and virtualization is also a dependency.
There is no single solution for protecting your data as it moves. Rather, it’s important to create a solution that works best for your organization’s unique needs. Understanding how your environment is set up on the front end will determine what solutions work best for you on the back end.
Want to hear more from Annalea? She will be co-hosting a webinar with Alert Logic on May 19th. Register here.
About Annalea Ilg
Annalea Ilg, Chief Information Security Officer (CISO), joined Involta with more than 15 years of information security and compliance experience. As CISO, Ilg runs the Quality, Security, and Compliance department. She manages holistic risk and provides valuable solutions to protect the security, integrity, and continuity of critical organizational functions, and a team of forty individuals within Security, Service Management, Project Management, Compliance, and Vendor Management.
Ilg is passionate about solving risk, promoting culture change, development, and executing strategy into leading-edge technical solutions.