Tenable Blog

From a legal standpoint, businesses must do what is considered “reasonable” to secure their organization’s data. “Reasonableness” has been the standard for data security for about 20 years, said Kirk Herath, VP, associate general counsel and chief privacy officer, privacy, technology and contract services for Nationwide Insurance in our conversation at the 2015 RSA Conference in San Francisco.

At the 2015 RSA Conference, security evangelist Bruce Scheier challenged his audience: “Don’t ask if you should be in the cloud. Ask if the cloud is more secure [than] what you’re doing right now.”

Later during the conference, I posed that same question to Ben Rothke (@benrothke), Principal eGRC consultant with The Nettitude Group as to how you should determine which environment is more appropriate and secure for your data.

If you work in IT or security you have unfortunately seen behavior cross your network that you did not invite. In an effort to hear the best IT war stories, I asked security professionals at the 2015 RSA Conference in San Francisco, “What’s the most unwelcome surprise that ever appeared on your network?” Watch and be afraid, be very afraid!

“Take the opportunity in an incident to apply the skill for a specific problem with effort that’s isolated,” said Andy Ellis (@csoandy), CSO for Akamai as I broke into a conversation he was having at the 2015 RSA Conference. “[The problem is] people in a vacuum will overdesign software. They want it to solve all problems. In an incident you say, ‘I need it to solve one problem,’ let me code to do one problem. And it’s not software engineering often, it’s really just coding.”

“When data gets really big, really massive scale, it becomes really hard to secure, because you’re talking about breaking down a lot of assumptions we used to have.