Karen Roby talks with Ping Identity security expert about safeguarding the enterprise in a hybrid IT world.
Cloud Security Risks- Security for the enterprise is challenging, and it’s a broad issue with no sure-fire answers. But when it comes to humans and security, it’s never easy. Karen Roby talked with Richard Bird, a security expert with Ping Identity, about the enterprise. The following is an edited transcript of their interview.
Richard Bird: One of the most different things for people to hear and people being executives and boards of directors and investors, one of the most difficult things for them to hear is what most information security organizations and executive suites within the companies that they’re following are not sharing, which is, we’re not doing really well on information security. Historically, we didn’t do really well on information security. There was a big historical curve or an upward swing that was going through the 80s, 90s, around information security breaches. They were all related to these hard parameters that we built. People were launching massive denial-of-service attacks and everything was about trying to bring us down.
That landscape shifted, and that hockey stick dove around the 2008-ish, 2009-ish mark, where breaches came down dramatically. And the very next year they spiked. When you look at the history of this, from an enterprise security standpoint, this is really when malware and all of the actions and activities by bad actors to try and get inside of the organization without being discovered. And then using all of these accesses and credentials to break into everything without being monitored because they look like somebody that was supposed to be inside of the systems. That’s when that actually happened. And since that happened in the 2009-ish timeframe, that hockey stick over the last 10 years, has been enormous in terms of breaches and exploits. And it’s accelerating and the breaches are getting more catastrophic.
When we look at why, it’s because the information security models that we built, were built to keep everybody on the outside out. And there is no more outside anymore. Speaking with companies that are really thinking ahead, they’re talking about a world where there’s no perimeter. That is really an earth-shaking premise because what they’re saying is, is that we’re going to be able to use things like identity access control to be able to make sure that you are who you say you are, and we’re going to be able to run applications in the public cloud. Or we’re going to be able to run applications anywhere that we want to on the edge, and we won’t have to worry about all of these physical defenses.