
Q&A with Brian Phillips, Bell Enterprise

Do you think more Canadian businesses are concerned about their security posture than ever before?
IT [security] is definitely on the rise. I look at it from the view of the corporate security officer: they were in the basement before and now they find themselves in the boardroom. Our primary focus in the past has been large enterprise, but there is certainly a lot more activity coming from small to medium-size businesses (SMB). A lot of it is driven by compliance. There are a lot of compliance issues driving SMBs to improve their security posture.
What’s driving security these days?
When we talk about IT security threats, everybody understands botnets, spam, denial of service attacks, viruses and phishing, but I really believe attacks on the computer networks are poised to escalate. Particularly when you look at today’s business and the reliance they have on corporate IT networks and their connection to the global Internet as a backbone for their sales, marketing, operation or financial systems. The more pervasive technology gets, the more impact it has on a business.
There’s been a lot of talk amidst security professionals regarding the convergence of logical and physical security. Are you seeing this happen?
I think this is relatively new and is an emerging area of security. I think we are at the early adoption curve in the area of convergence. I look at some of the early adopters, like those in finance, and they know when you start to do business in the cyber world, they need their networks to be secure, as well as their backdoors. I think as security technologies continue to advance and there is more reliance on IT security, there will be a natural move towards convergence. I also believe that this whole notion of budget constraints is becoming more and more vital. Those in physical security are going to be forced to work with their IT counterparts. I look at the CSO and I think they should be the change makers in this game of initiating the conversation with others. I firmly believe the blurry line between logical and physical security is disappearing.
What steps can businesses take to improve their security posture?
Firstly, create an information and security culture. To create that, you have to make security everybody’s responsibility. You don’t want it just driven by the board because of a compliance issue and you don’t want it driven, solely, by the CIO or CSO. The one thing people are getting their heads around is the final responsibility of security rests with senior management. That to me is what really is going to be driving things. However, the trouble with senior management is that they ask for a business case for security and I always start by asking them: Have you conducted a security audit? One that includes a company-wide analysis that looks at where your vulnerabilities are and where your strengths are. You can’t just look at IT systems or physical systems; you have to look at people and everything else. Training and testing is paramount – both have to be an ongoing exercise.
How important are users in this whole security equation?
It is all very good to have a security policy in place, but unless the staff members know how it operates, its strength will be diminished. Security training should become a permanent function in organizations, with regular information updates. Alarms should be ringing in organizations today of how important security is.
How has the threat landscape changed over the years?
Today’s businesses are relying on the Internet and executives cannot afford to put at risk the stability and security of their operating and financial systems, including transaction and intellectual property. The train robber has been replaced by the cyber thief. That is what is coming to the forefront especially as law enforcement tries to grapple with the pervasiveness of the crimes that are taking place over the Internet.
What advice do you have for Canadian businesses looking for help with their security needs?
It comes right back to vulnerabilities and risk. You have to know what your vulnerabilities are and what their impacts are. Do a business impact assessment. There is no opting out clause. If it is identified as a risk and nothing has been done, you just look at the liability and I think the record shows that the companies that have not invested in security don’t come back into business a year later. It is critical to have a good security plan. What does it mean for your branding, for your investors? Security, today, is really being driven by the risk side of the house.
For more information on Bell Enterprise, visit: www.bell.ca/enterprise.









