The 3rd edition of Security Strategist, organised by CNME on Monday, rallied together the information security officers and industry experts from the region to discuss some of the burning security challenges facing the regional businesses. Held under the theme -defining a security blueprint for the enterprise- the event addressed growing risks of information security and how best to address the challenges of new technology opportunities such as cloud, mobility and social networking.
Businesses have more information to protect at more points against more threat than ever before and focal point of the event was defining the ways businesses can build an effective defence and understanding the peculiarities of today’s threat landscape. The event was kicked off by a presentation by Rehan Sami, Solution Architect with Etisalat, who spoke about securing the information and communication highway and advised the audience comprising CISOs to evaluate the threat landscape before prioritising treatment strategy.
Ahmed Abdella, regional director of RSA, spoke about how to sustain trust in a digital world, and pointed out there has been a shift in paradigm in the digital world. “Today’s security processes do not address advanced and persistent threats and the system needs to evolve. There is no one single solution and you need a combination of continuous monitoring, user authentication and education and awareness,” he said.
Kamran Ahsan, head of information security at Injazat Data systems, echoed a similar opinion, and summed up over overall security challenge with three Cs – complexity, compromises and compliance.
Arun George, regional manager at HP Enterprise Security Products gave a presentation on the need for proactive security and urged the user community to take a risk based approach and think like the adversaries, as attacks and attackers become more sophisticated.
The event also brought to fore one of the dominant themes in security world today – governance, risk and compliance. Dr Angelika Plate, director of strategic security consulting at help AG, tackled this topic and said there is no right or wrong way of doing risk management. “The organisation should choose what suits them and risk management eventually results in a set of controls implemented to keep the risks under control.”
The post-lunch session featured presentations from some of the prominent CISOs in the region including Hariprasad Chede, CISO of National Bank of Fujairah, who spoke about information risk management from the human perspective. “All businesses should have good IT security controls and process controls. Autonomy, mastery and purposes are the three key things help us manage the right culture in the workplace.”
Another end-user presentation of note was from Ahmed Baig, CISO of Abu Dhabi Government Entity, who spoke about the security challenges of mobility and cloud computing in government. “The biggest challenge most of us face is the concept of bring your own device. Mobile computing should only be allowed in companies with due diligence. A lot of organisations don’t look into the data when they look at information security. This is a common mistake,” he added.
The Security Strategist event also featured a panel discussion on the need to rethink information security in the context of changing threat landscape. The panellists unanimously agreed the new type of threats call for a completely new way of thinking and a security architecture that is more dynamic and flexible.