Evolving tech forces fresh look at IT security processes

In this Q&A, vArmour CISO Demetrios Lazarikos discusses how rapidly advancing technology is influencing how companies plan and train employees on new IT security processes.

As business processes become increasingly digitized, rapidly advancing technology can provide automated, real-time data analysis to help reduce operational costs and increase efficiency. But as businesses strive to take advantage of new technology, the huge amounts of data being generated are forcing businesses to re-examine their networks to ensure company and customer information stays protected.

During a recent virtual trade show sponsored by TechTarget and ISACA, vArmour CISO Demetrios Lazarikos discussed how new technologies -- and the data being generated by them -- are influencing modern companies' IT security processes. During his presentation, titled "How IoT and New Tech Changes Modern Cybersecurity," he discussed the new IT security protocols necessary to avoid information risk when performing real-time, big data analytics. Here, Lazarikos answers VTS audience questions pertaining to IT security processes and best practices that he didn't get to on the day of the show.

What is the major security concern for medical research applications installed on mobile devices?

Demetrios Lazarikos: Great question. I worry that the application may have been built without security in mind. What I mean by this is that any application should go through an architecture and tech review by qualified, trained professionals. From my work in this area, I strongly recommend that organizations hire an infosec practitioner for this function, or contract it out to a reputable firm. Also, remember that there are scanning tools available now to scan the mobile device code to look for vulnerabilities before the application has been released to production.

What is the real threat, and what is at risk in the internet-of-things (IoT) arena when it comes to the industry or the business?

Lazarikos: IoT is moving rapidly to integrate systems, networks and data together. I believe the threats will increase due to something being overlooked with IoT devices or that the device isn't built with security in mind.

How can technology teams, such as IT security or IT audit, respond to the business teams that push back on considering key IT security controls during implementation projects that involve electronic information and information systems?

Lazarikos: Working with business teams that are moving so quickly can be challenging. From my experience, what I've seen work is partnering with the business to be sure it includes exit criteria during the architecture and technical design phases of building an application. During these two phases, practitioners can figure out pretty quickly if PII [personally identifiable information] or sensitive data requiring mandatory compliance will be affected. If the business is willing to overlook these mandatory regulations, then maybe it's time to educate your legal team about some of these practices.

Additionally, you may want to speak to an executive sponsor about some of these practices. At the end of the day, if something bad happens in the organization with these particular projects, chances are you'll be asked to provide some insight about what you knew and how you made the business leaders -- and your boss -- aware of the gaps or risks. Always document what you did as part of ensuring the business was aware of the risks.

What are your thoughts on spending resources on cyber-awareness training, especially for SMBs with limited funding? Should resources be focused somewhere else, or is training now a critical part of any security posture?

Lazarikos: Budget constraints affect everyone. Because of the nature of what we do and the constant change in our industry, I believe that it's critical to have infosec training budget for practitioners. SMBs are usually limited by travel and training expenses -- that's why I encourage everyone to check out the ISACA- and TechTarget-sponsored training series. There's also a ton of information out there on the web with infosec training by topic, such as networks, systems, application security and mobility. You just have to find your niche and explore what's online to help you if you have budget constraints.

Another place you can find out what's going on for training is a meetup in your area, or check out ISSA, ISACA, (ISC)2, or OWASP meetings to learn more.

This was last published in October 2016

How do you think new technologies are influencing companies' IT security processes and controls?

The evolution of new technologies, especially mobile devices, has brought another dimension to the way a company's data is being secured.

With the mobility of an organization's data on mobile devices, equivalent security configurations have to follow this mobile data wherever it goes.

The security perimeter has now changed from the company's networked environment to the global world and so securing the mobile data has become a challenge now.

Mobility definitely has forced companies to reconsider the way they keep business data secure. I think the biggest problem is that so much more of the security responsibility is in individual employees' hands now -- with so many more mobile devices connected to the company network, and more employees working remotely or on a contract basis, it makes it difficult for companies to micro-manage their data security efforts due to these disparate access points.
Insider threats -- both malicious and accidental -- continue to be a big problem. Companies have to do better in regards to training employees on their role in business data protection, and to be careful about the way they use and transfer company data on mobile devices. The trouble is, will employees listen?