CIOReview | June 2015

attackers get more pernicious, you need better defenses to get them. Those stronger defenses are out there in the form of cutting-edge security companies that attack the problem in new and exciting ways.

But let's take a step back for a moment. Before technology even enters the conversation, companies first need to change the way they think about security. Ideally, they want to prevent attackers from accessing their network. But enlightened security professionals have resigned themselves to the fact that determined hackers will find a way in.

The initial step in any successful security strategy is to decide what needs to be secured and from whom. What data is vital to your enterprise and who should be allowed to access it?

Start with the 1 percent. That's the 1 percent of information that should only be accessed by the top people at the company, strictly confidential and never to leave the on-premise data center. Take, for example, a pharmaceutical company with a new range of innovative drugs. Those drug formulas might have cost billions of dollars to develop. They could be a breakthrough that fuels company growth for years to come and they must be protected at all costs.

Now CISOs and CIOs must focus their energies on a security strategy that can detect intruders once they are inside. They need detection systems that have few to no hardcoded rules to try and determine anomalous behavior. Any system that is exclusively rule-based will be compromised, because the bad guys will figure out the rules and work around them.

Another strategy to use is deception. Deception is the notion that if someone does break into a company's network, the company can draw him or her to a target that looks valuable, like a database full of credit card numbers, but is really a decoy. When bad actors attack it, they're busted.
We just funded a company--Attivo Networks--that works this way. There is a lot of innovation that can be deployed using this method and I continue to look for additional solutions in this area.

Organizations need to protect information, but they can't just lock down all their data. After all, the modern enterprise needs to put apps and data in the cloud to enhance productivity and speed competitive advantage. The reality is that the vast majority of data--pretty much everything--is going to migrate to the cloud, including the 1 percent or the most critical data. That's why I'm also looking at security solutions that help monitor, control and protect data that lives in the cloud. I've invested in a company in this space that helps organizations move their applications and data to Amazon Web Services, while giving them total visibility into hundreds of different security risks and vulnerabilities.

As an investor, there's never been a better time to fund security startups. Yes, the bad guys are getting smarter, but so are startups that are determined to stop them cold. And now that cyber security has the full attention of the boardroom, CIOs and CISOs are in a better position than ever to take action.