Network systems must build in trust along with security
Network monitoring and of best security practices are must haves
By Ed Paradise, Special to ThirdCertainty
(Editor’s note: In this guest essay, Ed Paradise, vice president of engineering at Cisco’s Threat Response, Intelligence and Development Group, examines why trust is more vital than ever in the Information Age.)
Organizations today have two main concerns. The first is security. The second is assuring the integrity of the products and data in their networks.
Distribution security and integrity are key parts of a trustworthy solution. Therefore, the decision of where an organization buys its infrastructure is critical. Counterfeit or gray market products can use inferior components or illegal software. These unauthorized channels increase the risk of vulnerabilities and costly service disruptions.
A trustworthy distributor will guard against malicious modifications or substitution of technology and misuse of intellectual property. Trustworthy vendors should be able to demonstrate control over their design, development, supply chain, manufacturing and distribution processes.
To verify trustworthiness, vendors also should provide immutable sources of confidence that are integrated into their products.
Organizations need to continuously monitor and manage their network environment and systems to look for the latest best practices and be diligent in applying them. Diligence is key. Organizations cannot be satisfied with meeting the bare minimum required by compliance; continuous monitoring, auditing and forensics of infrastructure are critical. Then, as vulnerabilities occur, incident response and assessment teams can collaborate with vendors to address the breach or virus quickly and transparently.
Security & Privacy News Roundup: Stay informed of key patterns and trends
Transparency is a necessary element of trust. A trustworthy vendor should be able to confirm that its product has not been compromised. Vendors should be able to confidently attest that a product performs as expected based on the vendor agreements, and that it hasn’t in any way been modified or compromised between the time it’s sold and installed.
Organizations are under unrelenting attack, with security breaches happening every day. A global community of hackers are creating advanced malware and launching it via multifaceted attacks and through multiple attack vectors into organizations of all sizes.
These breaches tarnish reputations, deplete budgets and contribute to a loss in customer confidence. Governments also need to step up to the plate by properly weighing the economic costs in terms of damage to trust before they act, even in the name of national security. For their part, IT security professionals must respond with best practices that organizations can implement in advance of an event. These best practices also enable enterprises to respond quickly before, during and after an attack.
More stories about security and trust:
Poll: Americans have little trust in data privacy and security
‘Let’s Encrypt’ seeks to foster trust in web traffic
Bitglass embeds encryption security in a private cloud