Cybersecurity continues to be a primary concern across all industries. At Splunk .conf18 in Orlando, Fla., on Wednesday, CISOs from a variety of backgrounds shared advice on the common challenges they face and discussed the hype versus reality for other scenarios.
In talking about the role of artificial intelligence in automating security tasks and replacing humans, for instance, panel members seemed to agree that while AI is a valuable tool, the need for humans won’t completely disappear, but rather will continue to evolve.
“Operating at human speed is not going to work in an interwoven world of technology. It’s just a failing paradigm,” said Richard Mason, president and chief security officer of security consulting firm Critical Infrastructure and former CSO of Honeywell International. Rather than throwing 100 more people at a problem, organizations must learn to move people up and leverage AI as a tool. Automation orchestration, he said, equals happier analysts who are freed to do much more meaningful work.
“Through AI, through automation, we’re going to really lower the barrier to entry into the cyber field,” Mason added. “Thinking of human-machine interaction, I think you’ll have that virtual personal assistant on your first day teaching you how to use a console.”
In healthcare, Nancy Phillips, CISO for Denver-based Centura Health, said that while automation can play a great role, people are necessary to “understand what’s at the end of that IP address.”
“It might be connected to a pump that’s keeping a patient alive,” she said. “In some instances, it can do more than in other cases.”
Cloud Migration Is Changing How Organizations Approach Security
The panelists also talked about how the increased migration to cloud in all industries is having a major impact on security discussions. One of those is the over-reliance on internal networks as a safer place, said former Twitter CISO Michael Coates, who now serves as CEO of venture-backed startup Altitude Networks.
“That only works if you trust everyone inside your company,” Coates said. “If you have a soft, squishy center and a strong perimeter, all you’re saying is, if we have one issue on our external perimeter, an attacker has full access to everything, which is a catastrophic failure.”
Phillips agreed, saying that cloud security, identity security and data security, more than perimeter security, is the direction the world is going, but that it comes with its own set of hurdles.
“It is an interesting problem to solve because you have to solve it on so many levels,” she said. “What ends up happening, too, that you have to start thinking about as you go to cloud is, what is that cloud center security operations center and can we get the business to buy in? Because we want data, but data coming out of the cloud is very, very expensive. You really need to think through how you’re going to interrogate that data, where that data is and not necessarily having it all come into a centralized area.”
Another challenge — one that’s not discussed enough, Mason said — is application programming interface security. Too many companies, he said, are blindly trusting APIs because of the features they bring without having any sense of the underlying code or how that might impact an internal system.
“We’ve been too little, too late as a security community to bless code after it’s already out there,” Mason said. “That’s not the right place. We’ve got to do secure by default, secure by deploy, security built in, and that means changing the culture of our developers and being a stronger partner.”
Keep this page bookmarked for articles from the event. Follow us on Twitter @BizTechMagazine, or the official Splunk Twitter account, @splunk, and join the conversation using the hashtag #splunkconf18.