Archive for the ‘Security’ Category

Striving To Be Less Necessary: Developing Future Security Leaders Is Crucial

I would no doubt turn a few heads if I said, “I’m trying really hard to get to the point where I make no decisions and do no work.” But the fact is, if I ever got to that point as Senior Director for EMC’s Global Security Office, I would be an extremely effective leader by developing my team to lead without me.

I don’t expect to get to that state of leadership obsolescence any time soon. However, I know that a crucial part of being a leader in today’s new Information Security paradigm is working to develop future leaders in our organizations. And one of the hardest things about leading is developing leadership skills in others because as you do, you frankly become less necessary.

Those are some of the points I explored in a workshop about Developing Cross Functional Leadership Skills at the 2014 RSA Conference in San Francisco.

While I am sure that many of the conference attendees will be there to learn new technical skills to be better leaders, these skills are only one of many ways leaders gain power and influence in their organizations.


2013 Global IT Trust Curve Survey: The Impact On Today’s IT Decision Makers

Dell IT Proven

Dell IT
IT Proven allows you to leverage Dell IT’s first-hand knowledge and best practices to accelerate your own IT transformation journeys, transforming operations and delivering IT as a Service through the power of cloud computing. IT Proven highlights how Dell IT transformed into an agile, innovative, and competitive service provider.








Today, EMC and RSA announced the results of the first-ever Global IT Trust Curve Survey. Through a survey of 3,200 IT and business decision-makers in 16 different countries and 10 industry sectors, EMC took the pulse of C-suite audiences and their awareness and opinions of EMC Trust IT — Advanced Security, Continuous Availability and Backup & Recovery.


The Era of Protecting By Enabling: Securing Enterprise File Sync

Dave Martin

Vice President and Chief Security Officer at EMC

IT managers today are on the forefront of information delivery services. Users are demanding highly available and secure data transfers that are flexible enough to serve them on the road and on multiple devices. The days of traveling physically to a secure location to access a file are fast becoming extinct.

Technology transformation has a major impact on how and where we share information, so it’s natural to expect it to also impact how we provide trust for that information. We stay connected across more devices than ever, in more places. It no longer makes sense to apply old methods of static controls and expensive locks, which mimicked our approach to security of physical locations, in a fast-paced, widespread environment. Traditional methods applied to modern data flows ultimately hinder even authorized processes and build bottlenecks, which prompt users to seek out other service providers.

That is why new and more complete enterprise solutions have been developed to meet the requirements of the end-user as well as IT and Security; they are flexible enough to enhance whatever users have, wherever they are, and make enterprise file sync and sharing (EFSS) easy yet trusted. Better service means more visibility and control while delivering automated and safe EFSS. Users gain the access they demand and IT reduces risk, once the following three key elements are present:


Security Rules To Live By: Using Your Best IT Judgment

In the world of cyber security, we have reached the point where we feel the need to codify security behavior by telling people what to do and what not to do. But sometimes I wonder if security policy should rely on a much simpler approach—the notion that people already have a sense of right and wrong and should be encouraged to use their best judgment.

Certainly, security policies are complex. There are many of them and they are scattered around all over the place. But so is the law. And when was the last time you had to pick up a law book to know what’s right or wrong? In most societies, the law stems from basic commandments. Most of us have those principles drilled into us from when we are young. So we might not know specific laws, but we have a sense of right and wrong.

When I grew up in Glasgow, Scotland, my mother would use a phrase that would drive me insane. When she’d tell me I couldn’t do something I wanted to do and I’d ask why, she would say “that’s not the done thing.” I’d always wonder what this “done thing” was. The done thing was, of course, what was normal for society to do.

It seems like we sometimes forget that people have a sense of right and wrong when it comes to behavior in the workplace. One well-known exception is retail giant Nordstrom which, up until several years ago, used a 3 by 5-inch card as its “employee handbook.” It listed “Rule #1: Use your best judgment in all situations. There will be no other rules.” There was another paragraph inviting employees to ask their managers questions at any time. (Nordstrom still urges employees to use their best judgment but does now hand out a more detailed handbook with rules and legal requirements.)


Happy Cyber Security Awareness Month: Getting Free-Thinkers To Pay Attention

If you’re like me, you think about cyber security all day, every day. You may even dream about it. It’s why I’m an IT security professional (and probably not the most interesting guy you’ll ever meet).

But since most people have other things on their minds most of the time, it takes a special effort to get them to focus on the importance of IT security. That’s where National Cyber Security Awareness Month—which occurs every October—comes in.

While setting aside a month to promote cyber security may not seem like the most hard-hitting tool to tighten security for your organization, it actually is a great opportunity to do just that. That’s because, more than ever, cyber security is all about people’s behavior, and raising awareness is one of the best ways to have an impact on that.

What we have come to realize in IT security is that policy, compliance and governance alone won’t achieve cyber security for your organization unless people take those policies and rules and use them to make the right security decisions. The reality is that whether it’s people in their homes or in the workplace, we depend on individual behaviors to safeguard IT security—or anything else for that matter. If you don’t lock your door, people can walk straight into your house. If you leave your car unlocked, there’s a greater chance it—or something in it—will get stolen.


2013 RSA Conference Shows Risk Management A Growing Priority

The 2013 RSA Conference provides a terrific venue for industry leaders to share and communicate, but I couldn’t help but notice a dramatic rise in interest in one topic: Risk Management. Over the past three RSA Conferences, I have seen our Risk Management seminar increase from a peer-to-peer session of 25 people two years ago to more than 800 people at this year’s session — and with good reason.

The idea of risk management resonates deeply within the industry, including the need and practice of risk management and the desire to bond security, data analytics and the business. A well-rounded discussion was generated from the audience that focused on a number of pivotal ideas of risk management: What does risk management mean to an organization? How does an organization measure success? How can an organization work more collaboratively to push back against threats?

Risk Management and the Business

As we in security continue to study and execute the science behind risk management, we understand more and more that it cannot be managed in a bubble. Risk management, to be truly effective, must move into the business. Ultimately, the security organization cannot accept the notion of an impenetrable or perfect system as a matter of doing business. By evangelizing risk management into the business, we create a new sense of priorities and responsibilities in which non-security and non-IT business users assume risk management as their own.

When this occurs, perspective is gained on how other units respond to risk, even down to financial management and financial risk. In that regard, risk management no longer lives in a vacuum and advocates begin to pop up throughout the organization. These advocates will expand the network of risk management and operate in a way that bolsters an organization’s security posture. That was an important message from this year’s RSA Conference.


Communicating Risk Management in the Face of Constant Threats

In the face of an ever-changing security landscape that constantly presents unique threats, an enterprise’s defense must be robust and complete with multiple layers of prevention and defense strategies.

While enterprises may arm themselves with the most technical controls possible, a critical element to a proactive defense is communication. When we speak about communication, we refer to a strategy that goes far beyond messages to your employees about the latest security guidelines being handed down. The key to communication is removing the perception that the security organization is an obstacle to doing business.

At EMC, we have moved to empower people by breaking down barriers of communication between IT and the business. Through this approach, we have found success broadening the responsibility of risk management and changing the core behaviors of individuals, which results in a stronger security posture and overall defense.


EMC Security Chief Highlights New Strategies to Meet Big Impact IT Trends for 2013

Dell IT Proven


New, advanced technologies continue to provide a faster, more agile environment. But those technologies – cloud computing, mobile platforms, Big Data and social media – can widen the exposure companies face to potential security threats.

To help companies remain proactive in their security measures, the latest Security for Business Innovation Council (SBIC) report titled, “Information Security Shake-Up: Disruptive Innovations to Test Security’s Mettle in 2013,” offers a forward-looking analysis of the new enterprise threats in 2013, and recommendations for how security teams can limit risk.

The report also examines four strategic steps enterprises can leverage to strengthen their security programs: how to boost risk and business skills, court middle management, tackle IT supply chain issues and build tech-savvy action plans.

You can learn more about the SBIC Trends Report 2013 by viewing the following video featuring EMC Vice President and Chief Security Officer Dave Martin. We have also discussed related topics in previous blogs on this site, which combined with Dave’s video and the new report, will offer a full picture of security innovations we’ve explored at EMC.  

Keeping the Bad Guys on the Run: Working Together to Neutralize Cyber Threats

James Lugabihl

Director, Critical Incident Response Center, EMC IT

Threat intelligence is king. The more you have, the better positioned you are to protect your organization from cyber attacks.

But staying on top of threat intelligence to fight these sophisticated attackers requires a new, collaborative approach to security—one that most companies and organizations haven’t embraced as yet. We need to be able to continuously share information on the latest cyber attack techniques on malware and email campaigns beyond our own networks in order to defend against an onslaught of external and internal threats. We need to “talk” to each other to warn against the latest tactics.

Getting beyond “defend” mode

Most companies are still in “defend” mode, using the traditional firewalls and other perimeter-based tools to guard their networks and data. While you don’t want to get rid of those old war horses, your company does need to expand its capabilities to defend against and respond to the more sophisticated threats. By tapping into what other organizations are seeing in terms of attack techniques, tactics and procedures (TTPs), you can detect such threats much earlier and minimize damage.

I manage the Critical Incident Response Center (CIRC) at EMC, tasked with defending the company’s revenue stream and future market value from cyber threats. At EMC, we believe we have been able to achieve a uniquely high level of incident response capability using much of our own cutting-edge information security technology.


Changing Our Information Security Culture: EMC’s New Collaborative Approach to Reducing Risk

What do corporate IT security and healthcare have in common these days? Both are undergoing a cultural shift in which customers are being asked to take responsibility for their own well-being.

Just like getting individuals to focus on proper diet, exercise and screening efforts can help prevent health problems and keep everyone’s medical costs down, so can getting IT users to embrace proper security practices help prevent costly security complications for employees and the company they work for.

At EMC, this realization is driving a major transition in our approach to security. We are evolving from a centralized global security team that dictates regulations to the business units that consume IT without their input – to a dispersed security force that works with the business to understand their needs and create policies and standards that the business can live with.

Last year, our Global Security Office (GSO) began a multi-year effort to transform its security approach.
