The Art of the Possible: Be the Security Mentor

The IT world is changing. It’s no longer enough to build firewalls against known threats. Now the CIO must anticipate how these threats will evolve in the future. Cloud computing is becoming the norm, while online threats are growing. The Internet of Things (IoT) and smart devices have now taken hold in the office. These developments place many demands on the CIO, who is required to:

  • protect against attacks while ensuring a seamless user experience
  • maintain control over data while enabling unconstrained access to and from the internet
  • always guarantee full network availability

Balancing these competing—and paradoxical—priorities is a challenge in many organizations. By assuming the role of Security Mentor, CIOs can address these critical issues:

How does IT balance business needs with the need for security?

According to a recent global survey, most IT security measures affected productivity negatively. To resolve this issue, controls should be put in place to protect critical data. Employees should also be given training on how to keep information secure. These controls will not be successful if they impact workflow and efficiency. As Security Mentor, the CIO balances digital innovation against essential security processes.

How do organizations keep applications secure?

Reports that the US military had experienced a cybersecurity breach surfaced this year. The popular fitness app Strava publishes GPS location data taken from fitness trackers. Heat maps showing fitness activity revealed details about overseas military bases. The default app setting was for GPS data to be shared anonymously.

Joey Peloquin is the director of cloud security operations for Citrix. He offers these tips to help developers address application security:

  • Make security an integral part of application design. Use threat modeling to design software that’s secure from the outset. Use the talents of your IT security team by challenging them to break the app.
  • Never hardcode passwords into an application. Provide single sign-on and multifactor authentication. Encrypt sensitive data using industry-standard strong encryption.
  • Make security user-friendly. Consider eliminating rules about password complexity and rotation. Instead, use an interface that guides users to create an appropriately long password. Install a password manager to help users choose complex passwords.

Above all, says Peloquin, users should be encouraged to “vigorously defend … privacy when [they’re] outside of the enterprise.” The CIO can balance the needs of developers and users when designing applications.

How can organizations secure supply chains in a digital environment?

Complex supply chains cross many international borders. As a result, companies must exchange sensitive information with multiple partners. Information-sharing is necessary, but it also increases security risks. According to Chris Mayers, chief security architect at Citrix, the supply chain is the weakest link for many organizations.

In addition, businesses must perform due diligence when adding providers to supply chains. Still, many vulnerabilities remain. A recent U.K. survey showed that only 35% of IT security audits were “very comprehensive.” Also, half of these organizations experienced data breaches in the previous quarter. The CIO can work with IT to perform comprehensive security audits for every partner. Results should then be actioned appropriately.

The Security Mentor is an advisor, a leader, and an advocate. They work with all stakeholders: management, IT professionals, and customers. In this way, they can lead their organization past technology and security challenges.

Citrix’s NetScaler: The First ADC to Integrate with Cisco’s Nexus Fabric

On April 8th, Citrix announced a collaboration with Cisco that produced the first application delivery controller (ADC) with integration into the Cisco Nexus fabric. Read on to find out what this means for you, and why you should care.

The Fad That’s Become The Unstoppable Force [Citrix, Cisco]

How BYO programs and desktop virtualization are helping IT fearlessly get ahead of the consumerization trend.

Consider these recent statistics:

  • In the last year, sales of smartphones and tablets exceeded those of PCs for the first time. By 2013, they will be more than double.
  • 52% of employees now work 1 to 2 days a week outside the office. Nearly 80% work out of the office at some point during the week.
  • 1/3 of employees are using unsanctioned apps on their corporate PCs.
  • 42% of employees use three different computing devices – PCs, tablets, smartphones – in any given day.

For years, IT trends usually emerged in the business world and eventually trickled down to consumers. PCs were a good example of this. But today, the tail is wagging the dog: consumers purchase computing devices that are often better than the ones they're issued at work, then ask to be allowed to use them.
