CompTIA held a series of security talks during the August 11 ChannelCon 2014 event in Phoenix, covering such topics as the importance of a well-rounded security plan and how it can help drive their businesses. Ron Culler, CompTIA faculty member and CTO of Secure Designs, hosted the three-part session, sounding off on issues such as endpoint security and implementing lifelong security plans.
Here are the top five takeaways from the discussion:
1. Companies can avoid data breaches by implementing endpoint security
Many of the biggest recent data breaches have been the result of sloppy or nonexistent endpoint security, Culler said. For example, Target could have avoided its Black Friday breach if the company had exerted tighter control over its ecosystem and taken stricter measures to prevent exploitation. Additional threats to a company’s secure data come from an increasing reliability on outsourced services and enterprise mobility, both of which open avenues to potential leakages or hacking from outside sources. Controlling who gets access to the system is a prime way to eliminate unwelcome eyes from accessing certain information.
2. Encryption needs to be layered to prevent data collection over Wi-Fi
Even the most unskilled hackers can learn how to access enterprise data by simply watching YouTube videos or reading through forums. Companies need to prepare themselves in case of an attack by layering their encryption methods and creating multiple barriers to entry so that accessing sensitive customer payment information and other confidential data is as difficult as possible for potential intruders.
3. Your customer’s business is also your business
When a solution provider is hired to protect another company’s assets, the quality of the protection provided is a direct reflection of its own business. Because companies will look to solution providers as their security expert, it is important they understand the business and learn about its accountability, product delivery channels and regulatory requirements. By beefing up their own knowledge of a customer’s business, solution providers can be better equipped to understand the types of security needed to keep their customers’ enterprise data secure.
4. Security is not a one-time purchase; it needs to be dynamic
Many companies mistakenly think of security as a one-time purchase; however, developing an evolving security strategy should be the No. 1 priority for companies to avoid potential breaches. Just as threats are always changing and evolving, so, too, must a company’s security measures to ensure that certain policies don’t become outdated and exposed. Culler urged attendees to think of security as a cycle: It should grow and change over the course of the company’s lifespan.
5. Solution providers should think of security as a business enabler
Security is not just a way to keep intruders out of important business data; it is also a way to show a solution provider’s strength in the market and to cultivate trust among customers. The most successful solution providers will build their brand and reputation on the reliability of their security measures and use this success to attract new customers. Security should be an enabler of business, not just a defensive measure to keep data safe.