Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Security Essentials for CIOs: Ensuring a more secure future


Published on

There are three key trends and emerging issues that need our attention in order to ensure a more secure future. There will be more potential vulnerabilities as society increasingly relies on intelligent systems. These systems will generate more data than we have ever seen before. With more to secure, we will need to greatly expand our efforts around security education and skills.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Security Essentials for CIOs: Ensuring a more secure future

  1. 1. IBM Center for Applied Insights Executive Series Security Essentials for CIOs Ensuring a more secure future In August of 2012, a group called “Cutting Sword of Justice” claimed responsibility for an attack using the Shamoon virus Highlights: on 30,000 work stations at the Saudi oil giant, Aramco. The virus corrupted files and left machines unusable, shutting There are three key trends and emerging down the company’s administration for a week. For CIOs, issues that need our attention in order to ensure a more secure future. There will Shamoon and other recent attacks provide vivid glimpses be more potential vulnerabilities as of a potential future for information security. society increasingly relies on intelligent systems. These systems will generate more data than we have ever seen before. The knowledge required to create and use such malware is all With more to secure, we will need to but certain to spread and grow, providing criminals, industrial greatly expand our efforts around security spies and rogue states with more powerful weapons. Potential education and skills. targets will multiply as computers assume greater control over ever more operations in our society, from traffic management to intelligent buildings to robotic surgery. If IT security looks like a daunting job today, one abounding in risks and complications, we have two words: Just wait. In our Security Essentials for CIOs series, we have covered the most important risks and challenges facing CIOs today — from cloud computing and social networks to the proliferation of the mobile devices employees bring to work every day. The lessons have echoed similar themes. Enterprises must develop smart policies and best practices. They must extend a risk-aware culture throughout the work force, even to partners, contractors, and suppliers. These initiatives require strong support from the highest levels of each organization, because their viability itself is at stake.
  2. 2. Executive Series Security IntelligenceIn this last paper, we’re going to look at three challenges One of the ways to do this is to build and implement analyticdriving the future of security. It’s a world in which the systems to help better detect anomalies and risks. This rangesoperative word is not great, but greater. There will be greater from patterns of financial transactions to the shifting behaviorvulnerability with increasing numbers of intelligent systems of individuals. The trick will be to gain vital insights from thecreating more potential targets — from autonomous vehicles coming avalanche of data, and better secure entire informationto smart grids. All of these systems will generate a greater ecosystems, without intruding on privacy. Recognizing this,amount of data than we have ever seen before. This means IBM recently acquired Q1 Labs, to provide our customersthat we will need to develop our security skills at an even cutting-edge security intelligence capabilities.greater pace to keep up with the threat. Challenge #1: There will be more to attack — Over the next 35 years, the world’s population is expected IBM estimates that 2.5 quintillion to grow by more than 2 billion — almost another India bytes of data are currently created and China. These people, most of them living in cities, will require food, water, energy, transportation, and other services. every day.To provide them by using today’s methods is likely impossible, and certainly unsustainable. The drive for cheaper and more sustainable services will fuel the development of smarter These challenges are also fueling many initiatives at IBM cities. This means that in many cities, transport, utilities, Research. The company’s Stream Computing products, for healthcare and public safety will be monitored, measured example, enable enterprises to process multiple streams of data, and optimized by advanced information systems, many structured and unstructured, in real time, and to draw insights of them automated. Networks will extend to include billions from them. This type of technology should help to connect of sensors and actuators, bringing alive the long promised disparate dots that point to potential security events using the“Internet of Things.” This trend represents a mammoth next generation of security intelligence. The Unstructured growth market for technology companies. But it requires, Information Management Architecture (UIMA), a software from the very initial design stages, systems with the architecture most famous for powering Jeopardy-winning highest levels of security. Watson, provides a structure for sifting through petabytes of data. Including natural language, it searches for correlationsYou wouldn’t try to install seatbelts and airbags in a car going and generates hypotheses. A future version could be traineddown the highway at seventy miles per hour, or put in a to spot areas of risk.collision avoidance system on a plane while it’s landingat an airport, right? To avoid these kinds of situations, when Challenge #3: The need for more skilleddeveloping our own software and systems, we live by the professionals — Security in the coming decade will requirephilosophy of security by design and use the IBM Secure a massive influx of brainpower. To confront growing threats,Engineering Framework.1 The framework is a set of governments and enterprises must educate and recruit a newsecure engineering best practices that helps us make sure generation of security experts to build and secure the world’sthat the global digital infrastructure we are helping to create vital streams of information. is secure from the very beginning, not something we thinkabout after the fact. A 2011 report by Frost & Sullivan, the Global Information Security Workforce Study, estimates that jobs for securityChallenge #2: Securing Big Data —The amount of professionals will expand from 2.3 million to 4.2 million byinformation that companies and governments manage will 2015.4 But the greater challenge is to nurture a security elite,continue to grow exponentially as new streams of data capture with teams prepared to engage at the highest level with thethe activities and behavior of citizens, employees and customers. most brilliant virus architects. Jim Gosler, founding directorIBM estimates that 2.5 quintillion bytes of data are currently of the CIA’s Clandestine Information Technology Office,created every day.2 By 2020, some estimate that we will see warned in a 2010 National Public Radio interview that thea 4300% increase in data generation.3 How will we keep all talent deficit at the skills stratosphere is severe. He says thatof this highly valuable data secure? How will we ensure that only 1,000 world-class luminaries are working to protect globalthe data maintains integrity across its life cycle? networks, and that 10 to 30 times that number is needed.5 2
  3. 3. Executive Series Security Intelligence There are two things that organizations may do to address Join the conversation this skill gap. In the short term, some companies might To read additional articles, learn more about Security Essentials outsource to manage their security environments better. for CIOs, or share your thoughts with other security leaders join IBM has invested heavily in this capability, and operates ten us at security operations centers around the world. The second, longer term solution, is to make a dedicated effort to advance About the authors math and science education. IBM Research is currently Kristin Lovejoy is General Manager of IBM Security Services. working to create a platform for the academic community She can be contacted at to share pragmatic views of cybersecurity needs from a business perspective. We have begun to work with leading Joanne Martin is Vice President of IT Risk and Chief Information academic institutions and government organizations toward Security Officer, Office of the CIO, IBM. She can be contacted building the curriculum, skills, and expertise needed for the at future. We are also developing plans to help improve skills in regions where security practices are less mature. But even About IBM Center for Applied Insights if this effort to nurture a generation of security stars meets The IBM Center for Applied Insights ( with success, it’s only part of the solution. introduces new ways of thinking, working and leading. Through evidence-based research, the Center arms leaders with pragmatic guidance and the case for change. The Global Information Security Workforce Study estimates that jobs for security professionals will expand from 2.3 million to 4.2 million by 2015. Source: Frost & Sullivan The future of security cannot be guaranteed by small groups of security savants or purely through the implementation of cutting-edge technologies. For organizations and society to address fully the three challenges above, it requires a joint effort. The message must come from the top, and it must spread. The only enduring answer to the challenges we face is to create a more risk-aware culture, one in which every single person instinctively understands the risks and accepts the responsibilities that come with living and doing business in a hyper-connected world.1 to_explode4 The 2011 (ISC)2 Global Information Security Workforce Study Study_020811_MLW_Web.pdf “Cyberwarrior Shortage Threatens U.S. Security”, NPR.org5 3
  4. 4. Executive Series Security Intelligence © Copyright IBM Corporation 2012 IBM Global Services Route 100 Somers, NY 10589 U.S.A. Produced in the United States of America October 2012 All Rights Reserved IBM, the IBM logo and are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products and services do not imply that IBM intends to make them available in all countries in which IBM operates. Please Recycle WGW03017USEN-00