x
Mobile security

SlideshowSecurity Suffers From 'Not My Job' Mentality

Security Survey Results
Security isn't only necessary to protect the network, consumers and devices, but it makes business sense for service providers too. Seventy percent of service provider respondents told Heavy Reading security would have a positive business impact on them.
Security isn't only necessary to protect the network, consumers and devices, but it makes business sense for service providers too. Seventy percent of service provider respondents told Heavy Reading security would have a positive business impact on them.

Page 1 / 2   >   >>
SachinEE 12/13/2014 | 9:21:18 AM
Re: Too True @markC73: I agree. When discussing sensitive issues like security, it really is easy to entertain someone and hurt some one else since most people are doing their jobs and they don't like hearing that they don't do their jobs nearly good enough for the superiors. That is why motivating speeches are so important while making such decisions.
SachinEE 12/13/2014 | 9:14:26 AM
Re: Too True Basically it is the CIO's job to poll this decision to the CEO that the company needs better (and since better means costlier) security, and it's also his job to show the CEO how viable this is financially, whether this kind of measure will save the company from shame and he would also have to provide a replacement margin for the security i.e. when should the "better securities" be changed/replaced.
SachinEE 12/13/2014 | 9:11:47 AM
Re: Too True @mendyk: Well you can't just pin a series of tasks to someone who does not have the capacity or the motivation or in some cases the education to perform those tasks. People need to understand that network security is no piece of cake. THere should be a security manager who supervises everything.
mendyk 12/11/2014 | 3:28:04 AM
Re: Too True Agree -- all these initiatives and decisions are interrelated, and it's very difficult to account for everything in the big picture. Operators see security as the most critical issue facing them. They need to bake security into all aspects of their service and network planning. Leaving it to the security cops isn't likely to work. From Patrick Donegan's work in mobile security, we know that operators have a huge amount of work to do. And maybe that's what's leading them to defer change.
MarkC73 12/10/2014 | 8:13:17 PM
Re: Too True @brooks7 comment on senior management,

I think this is key and as basic as it is, many good technical people do forget this.  Knowing how to talk to different groups of people can be just as important as sound technical fundamentals.  Know your audience and their motivations, seek to build a bridge why what's important to you is also important to them.  Unfortunately, sometimes it's after the fact but still having the plan ready, not only keeps you ready for opportunities for funding, but also shows that you are technically aware of the issues.  One would hope after you have a history of calling the flaws right they'll listen before hand...

Another thing is to make sure security is tied to product development and not just an annual after thought.

 
brooks7 12/10/2014 | 5:52:14 PM
Re: Too True  

So, having a customer have an API to change the network...good for security? (See SDN).

Again - convenience versus risk.  It is never a simple answer.

seven

 
mendyk 12/10/2014 | 1:45:11 PM
Re: Too True One other issue here is that security is seen as a siloed problem, when in fact it cuts across the entire network operator organization. That may be an even harder nut to crack than getting CXOs to understand the business case for more spending on security.
mendyk 12/10/2014 | 1:42:31 PM
Re: outlook "The world is changing, and it's changing for the better, but we don't know if we are going to be able to change with it."
Ariella 12/10/2014 | 1:32:55 PM
Re: outlook @MendyK ah, so the glass is less than 1/3 full, or the winds are there, but the sails are not positioned to take advantage of them.
brooks7 12/10/2014 | 11:26:01 AM
Re: Too True I think your comment is exactly the problem.

Don't expect senior management to understand the issue.  Put it to them in business terms. Security is about customer trust.  Can you show the kinds of breaches that are out there and the risks involved.  My experience is that IT folks show up with Gold Plated Solutions that are remove any risk and are upset when the company can't afford them.  What needs to happen is what happens in the real world...Security/Risk and value are matched.  Think about the front door of your house.  Why is it not a bank vault door?  The reason is that you don't want to afford the same level of security as a bank because you are matching the risk and value in your life.

seven

 
Page 1 / 2   >   >>
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE