One of the ways a lot of people are looking to get a better handle on the increasing amount of information is the cloud. It used to be thought of largely in terms of privacy, ownership and security, but it’s pretty clear that many cloud operations are safer than enterprise controls. In this overall cybersecurity discussion, what are you hearing and telling clients when it comes to the cloud?
When I talk to the hands-on experts, the technical people tell me the cloud enables you to have more of that in-depth security. As opposed to that perimeter defense, which any halfway talented hacker can get into, the cloud lets you at least compartmentalize your damage and risk. Having said that, there are concerns about connectivity and having all your information in one place. We’re just delving into it on the legal side of it, the contractual relationships and what the back-ups are. The cloud is an innovative and very efficient development, and it’s not the last one. One of the things in the cybersecurity order and even standards or best practices in general, is that they’re going to have to be dynamic. They’ll have to include processes for regular updates. With cybersecurity legislation and the cloud, the last thing we want to do is codify this innovation into law.
We always hear dire warnings on the security front. But what are some basics or easy initiatives a business can take on to become more secure in short order?
First off, there is a surprising amount of poor computer hygiene out there. Even updates on best practices and policies would absolutely make a difference at the business level. Basic things: actually having password protection and changes so, for example, your TV station doesn’t get hacked with jokes about zombies ... [laughs]. But businesses, if they’re not of the size where they can have a chief information security officer, what they ought to look at is at least have an analyst or consultant advise you on something like penetration testing. They can come in and see who’s playing around your security borders. Then, you at least have the knowledge to strengthen your vulnerabilities.