At the #RSASummit earlier this week there were three keynotes which, together with my current thinking around microservices for retail consumer data and right-action, right-time analytics, presented an interesting orthogonal use case I’d not thought of.
The idea of Big Data Analytics in general is to make use of a sea of data (or a lake, if you prefer) to perform predictive analytics, gain insight, and generally use clever heuristic or other algorithms to tell you things you couldn’t have found out with a million monkeys and infinite time. Because of my current work in retail, for me this has meant interacting with customers in the right way, at the right time, on the right channel.
However, the RSA boys have started preaching an alternative security model to the “Prepare to repel boarders” perimeter-focused security I certainly am used to. I’m no security expert, so this may not be news to people in that space, but I found it really interesting what the alternative view is, and where it leads.
Essentially the security community is moving away from perimeter-focused security - prevention, in other words - towards analytics - detection. This is taking some time to work its way through the boardrooms and across the golf courses of senior boards, but it’s a really important step.
Let us assume, for a start, that security breaches WILL happen. It’s inevitable. What traditionally happens then is a massive effort to work out what has happened, how, and how to stop it happening again - if the breach was even detected in the first place, and this is an important point. It is in most hackers’ interests not to let you know they were there, so you leave the door open.
Introduce an analytical model - this anticipates that breaches will happen, but automatically flags them up when they do, based on unusual activity. This means the actual security event can be shut down far quicker than normal, and reports generated to try to close those back doors.
Combine this with the quite inspiring take on employee freedom and you have a quite different model to the one I’ve seen in any large company I’ve been in.
In order for an analytical model to work you need the data. Currently the perimeter-and-blocking, heavy-handed mechanism employed by most IT depts. means employees find workarounds - Dropbox, SSH tunnelling, external VPNs - whatever they need to get their job done. The problem is that none of these can be monitored by the organisation. The employees just need the tools to do their job, so introduce SSO on the web proxy, generally allow employees to use what they want, and now you can analyse usage on your network much more effectively.
This may mean you let employees use Facebook, but I put it to you that if you stop them doing this on your machine they’ll do it on their own machine, or on their own 4G dongle, and now you have no control or, worse, no view of that behaviour, so if someone DOES use malware to take control of a corporate PC there’s a lot less chance of you seeing it.
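To make the "flag unusual activity" idea concrete, here is a small example I've added for this post (it isn't code from RSA or from any product). It assumes a web proxy that writes one line per request with the SSO user name attached, in a made-up five-field format; the log lines, the three-sigma upload threshold and the "new destination for this user" rule are all my own constructed assumptions. It builds a per-user baseline from yesterday's traffic, then runs today's traffic against it and reports anything that deviates, including an account that has no baseline at all, which is exactly the kind of thing you cannot see once people route around your proxy.

```python
"""Baseline-and-deviation check over SSO-attributed web proxy logs.

Hypothetical example: the log format, field names, thresholds and all
sample traffic below are constructed assumptions, not a real product's
schema or real data.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed sample log lines (not real traffic). Assumed format:
# <timestamp> <sso_user> <destination_host> <bytes_out> <bytes_in>
BASELINE_LOG = """\
2015-04-20T09:01:00 alice intranet.example.com 420 18000
2015-04-20T09:05:00 alice mail.example.com 900 42000
2015-04-20T10:12:00 alice docs.example.com 1200 61000
2015-04-20T11:30:00 alice mail.example.com 800 38000
2015-04-20T09:02:00 bob intranet.example.com 500 17000
2015-04-20T09:40:00 bob crm.example.com 2200 90000
2015-04-20T13:05:00 bob crm.example.com 2500 85000
2015-04-20T15:20:00 bob mail.example.com 700 30000
"""

# Constructed "today" traffic: one large late-night upload to a host alice
# has never used, and an account (carol) the baseline has never seen.
CURRENT_LOG = """\
2015-04-21T09:03:00 alice intranet.example.com 450 19000
2015-04-21T09:10:00 alice mail.example.com 950 40000
2015-04-21T22:47:00 alice filedrop.example.net 48000000 900
2015-04-21T09:30:00 bob crm.example.com 2300 88000
2015-04-21T09:15:00 carol intranet.example.com 300 12000
"""


@dataclass
class ProxyEvent:
    ts: str
    user: str
    dest: str
    bytes_out: int
    bytes_in: int


def parse(log: str) -> list[ProxyEvent]:
    """Turn the assumed whitespace-separated proxy format into events."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, dest, out_b, in_b = line.split()
        events.append(ProxyEvent(ts, user, dest, int(out_b), int(in_b)))
    return events


def build_baseline(events: list[ProxyEvent]) -> dict:
    """Per-user set of known destinations plus upload-size mean/stddev."""
    dests = defaultdict(set)
    uploads = defaultdict(list)
    for e in events:
        dests[e.user].add(e.dest)
        uploads[e.user].append(e.bytes_out)
    return {
        u: {"dests": dests[u], "mean": mean(uploads[u]), "std": pstdev(uploads[u])}
        for u in dests
    }


def find_anomalies(baseline: dict, events: list[ProxyEvent], sigma: float = 3.0) -> list:
    """Return (event, reason) pairs for traffic that deviates from the baseline."""
    findings = []
    for e in events:
        b = baseline.get(e.user)
        if b is None:
            # SSO gives us a name, but we have never modelled this account.
            findings.append((e, "user has no baseline"))
            continue
        if e.dest not in b["dests"]:
            findings.append((e, "new destination for user"))
        threshold = b["mean"] + sigma * b["std"]
        if e.bytes_out > threshold:
            findings.append((e, f"upload {e.bytes_out} exceeds {threshold:.0f}"))
    return findings


def run_example() -> list:
    """Build the baseline from yesterday's log and check today's against it."""
    baseline = build_baseline(parse(BASELINE_LOG))
    return find_anomalies(baseline, parse(CURRENT_LOG))


if __name__ == "__main__":
    for event, reason in run_example():
        print(f"{event.ts} {event.user} -> {event.dest}: {reason}")
```

On the constructed data this flags alice's 48 MB upload twice (unknown destination, and far above her usual upload size) and carol once (no baseline). The point is not the arithmetic but the precondition: every line carries a user name because the proxy sits behind SSO, and the moment traffic leaves via a personal dongle or an external VPN there is simply no line to check.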