SecTor 2014 – What We Learned

Last week, thousands of IT security professionals gathered in Toronto for the annual SecTor Security Conference to share compelling research and new techniques. From malware attacks to unencrypted stolen devices, data theft is rampant in the enterprise, and security solutions are, well, supposed to be the solutions. Security experts at SecTor presented on the various ways organizations can learn from past mistakes and how vendors can aid in this process.

Here are a few of the common topics we observed:

1. Security as part of the DevOps process

In the presentation, “KickaaS Security with DevOps and Cloud,” it was suggested that security be woven into the DevOps process. Development and operations includes monitoring, updating, and improving technology. As a part of this practice, security would no longer be left outdated and vulnerable.

2. Go on the Dark web

The Dark web can be accessed for good. News of the breaches appear here, as it is also the marketplace for the stolen information. Monitoring hacker activity is much like living up to the saying, “Keep your friends close, but your enemies closer.”

3. Sound the Alarm

Early detection is no good if it is not known, and IT professionals across the conference urged each other to communicate immediately at the sign of suspicious activity. Regarding the recent retail data breaches, there has been much criticism that not only are the solutions reactive, but the people in control of the solutions are withholding the information for far too long. In the session, “Asymmetry in Network Attack and Defense,” the audience was reminded that sharing knowledge is the cheapest defense.

So what was the major lesson learned here? Security processes need to start being more proactive rather than just reactive.

DevOps Cloud Security is more important than ever.

Previous Post
Another Brand, Another Breach
Next Post
Safeguarding Transactions

Related Posts

Hidden Benefits of Encryption for Legal Services

Lately we have noticed a growing interest for encryption and data security in the legal services industry. Legal services face a similar challenge as other verticals with the need to protect corporate assets being shared through multiple devices and portals.…
Read more

Encryption only works if you use it

Once again there’s been a device theft that has left the personal health info (PHI) of 11,000 patients out in the open because the device was unencrypted. But when you look deeper into the problem, the organization did actually have…

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu