Level 3: Security Is Company-Specific
NEW YORK -- Even with growing concerns about security breaches, many enterprises aren't protecting their data adequately because they don't know where it resides within their IT structure or whether the right data is being protected. That's why careful auditing and assessment are key steps to a more secure future and may be more important than careful compliance, Level 3's Chris Richter told the Carrier Network Security Summit here last week.
Richter, who is senior vice president of Global Security Services for Level 3 Communications Inc. (NYSE: LVLT), said it's also important for an enterprise to know exactly what makes their company a target, whether it's stored customer information, intellectual property or something else, before a company's specific risk can be determined. The security strategy needs to be built on addressing risks, not on just meeting compliance rules.
"Every company faces different kinds of risks" and the threat environment is constantly changing, Richter said.
Level 3 has become much more aggressive both in promoting managed security services and in proactively going after the bad guys, using network intelligence built on understanding of network behavior to see where things are off kilter. Network-based security services are able to evolve with the ever-changing threat landscape, and therefore offer better protection, he commented.
But company-specific audits are also a key. He cited one California-based company whose Level 3 audit showed connection activity on its servers from places such as Turkey, where the company wasn't doing any business.
"That was a clear indication that something was wrong," and there were vulnerabilities to address, Richter commented. But it takes company-specific audits to identify those kinds of otherwise undetected issues.
Richter was among several speakers who also urged enterprises to collaborate and share threat information so that known threats can be more quickly identified and warded off.
He also pointed to the difficulty many enterprises face in hiring security experts. While lower-level jobs requiring little experience can be filled in a matter of months, it can take a year or more to hire the most senior folks, who are capable of building an enterprise-wide security strategy.
— Carol Wilson, Editor-at-Large, Light Reading