London, 13 Oct 2011
Despite the proliferation of mobile devices and the bring-your-own-device movement, companies shouldn't lose control of their security.
This was discussed at the recent RSA Conference Europe 2011, held in London, during an enterprise security panel.
"We have to focus our IT security strategies more on data," said Ralph Salomon, VP security for SAP. "What is the important and critical information we have to protect?"
He said companies must think about how to isolate some systems to make sure information is better protected. "Maybe have some restrictions for systems that are not 100% compliant, so they cannot access your critical information."
He also suggested not allowing users to store critical data on their mobile devices. “Use apps on devices that enable you to get secure access to your records system. Don't send around Excel spreadsheets. Try to keep your data in your database and bring access via a tool.”
Eddie Schwartz, CSO of RSA, said: "Don't let the end-users control the process. The CIO has to dictate the process in an intelligent and secure manner. If they're not doing that, they need to be fired."
According to Paul Dorey, founder and director of CSO Confidential, "we have no choice but to go with the flow, but use it to our advantage. That does mean change".
He said it's impossible to secure the whole network, only part of the network can be secured at best. "Only protect critical data.”