Today's security landscape is littered with increasingly sophisticated threats, attacking the business from every angle, from both inside and outside the organisation.
They can stem from myriad sources - badly configured permissions and settings or poor data governance. They can enter the company through the slew of devices that plug in to the corporate network and leave with its most valuable information. Threats are out there, looking for a chance to strike, and can result in devastating losses, both financial and in terms of damage to the brand.
To fight these threats, Dell has taken security to a new level, to offer one optimally designed solution, said John McClurg, Dell's CSO, in an interview at the Dell Solutions Summit 2014 in Brussels this week.
"When people think of Dell, security doesn't immediately spring to mind. Dell's security journey began when Michael Dell, the company's founder and CEO, changed the organisation from a hardware vendor to a scalable solutions IT company, and woke up in a cold sweat one night worrying about security, as all the benefits of having this integrated business would be for nothing if security wasn't addressed."
McClurg has an unusual background. A former student of the arts and philosophy, he is also an attorney, a former FBI agent, a one-time undercover CIA operative and the former head of security at Honeywell and Lucent Technologies.
He was also instrumental in the capture of the notorious phreaker - a person who studies, experiments with, or explores telecommunication systems - 'Dark Dante' who breached Pacific Bell's phone systems. McClurg also helped capture Harold James Nicholson, a notorious former CIA officer, who turned out to be a spy for Russia's Foreign Intelligence Service.
A philosophical view
He also enjoys applying a philosophical view to the threat landscape and drawing out principles of IT security management, using principles of hermeneutics, a discipline that covers both the first order art and the second order theory of understanding and interpretation of linguistic and non-linguistic expressions.
McClurg spoke of the rise of cyber threats compromising physical assets, such as the Iranian nuclear programme discovered when it was targeted by Stuxnet. These days, he says, the traditional boundaries of delineated interests that make up our world are growing increasingly porous, including the interdependencies between the physical and logical worlds. This is why a converged approach is needed, one that develops security in a co-ordinated way.
The security landscape is one that is chaotic, complex and loaded with conundrum, he said. To combat this, Dell has transitioned to an end-to-end security solutions provider and is taking security to an entirely new level, through the evolution of a security model that fights these three 'Cs' with another three 'Cs': converged, core and connected capabilities.
The one that got away
McClurg tells an interesting story about how, during his FBI days, a colleague and friend named Bob asked his opinion on whether, if a foreign adversary had the power to limit all their activity to cyberspace, they would have the capabilities to capture them. He says even today, the odds are stacked against the "good guys" when it comes to tracing organised cyber crime. Ironically, the friend "Bob" turned out to be the infamous Robert Hanssen, a former FBI agent who spied for Soviet and Russian intelligence services against the US for 22 years, and who is currently serving 15 consecutive life sentences.
This moved the conversation to the insider threat, which McClurg sees as being one of the greatest threats out there, and a subject that is close to his heart from his time at the FBI. The insider threat again illustrates the interdependencies of the physical and logical worlds. While controls may be in place to prevent sending out e-mails with proprietary information, or copying data onto a flash drive, people can still sneak physical copies of data out of the building, and often the intellectual property is in their brain or what he refers to as the 'wetware'.
In terms of other types of insider threats, such as the careless insider who leaves sensitive files lying around, he says a lot of labels are placed retrospectively. "Often a human acts with the best data they have at that moment, and it is unfair to call their actions stupid. What is more dangerous, and should be made accountable, is someone who rather fails to act despite warnings, those who had all the data available to prevent something bad from happening, but didn't."
For malicious insiders, or those who are acting in their own interests - be it frustrated career ambitions, ideology or financial gain - McClurg says there are signs to be on the lookout for. "A malicious insider will often be seen traversing the network in what are explainable areas, that they do not need to access, or looking at documents that are outside their purview."
At the end of the day, he says, we must bear in mind that there are all sorts of variables that make up a human being, as well as our external environment. "The fact that someone has a propensity to be a threat, doesn't mean they are going to. Intent is important."