CISO’s Guide To Securing Enterprise Communications

Recently, ABI Research and Silent Circle collaborated on a project to research and produce a guide to help chief information security officers secure their enterprise communications. The CISO’s Guide To Securing Enterprise Communications addresses the exponential expansion of the use of digital devices and the challenges that come with ensuring that those devices are secure. The guide posits that CISO’s need to be fully aware of this exponential growth and actively searching for effective data security solutions.

ABI Research predicts that by 2021, almost 50 billion devices will be connected globally including a broad variety of legacy and newly connected vectors, ranging from industrial SCADA networks to 4G connected wearables. It’s predicted that this expanded connectivity will take a number of different forms such as Zigbee, Z-Wave and 6LoWPAN to longer-range cellular including LTE variants, and the upcoming 5G standard. The connections will ultimately all be linked back to IP networks, back-end infrastructure and IT systems for monitoring and management purposes.

Although the capabilities of this expanding technology ecosystem is exciting, the need for trust in the system is paramount. The community and technology infrastructure will remain vulnerable to attacks and exploitation by malicious encroachers. One of the biggest challenges for enterprises, in particular with the IoT, will be how to scale security in the most effective manner. Security must be not only be cost-effective, but must also have a seamless integration and be simple to use.

Comprehensive enterprise protection can only be achieved through a combination of secure hardware, to anchor trust, and software, to enable flexibility. CISOs need to make a dedicated internal effort to map and analyze existing channels of communications between people, systems, and devices. It also means anticipating new means of communications that may become standard channels on which core business is conducted.

A security strategy and accompanying implementation plan needs to address risk appetite and acceptance, what is allowed and what is not, how to inform and obtain approval for tools, incident response and remediation plans, and educational initiatives. Most importantly, such a strategy needs to be approved and endorsed at the top of the organization and communicated throughout the enterprise. It is essential that all employees, and potentially outside contractors, understand and adhere to the security strategy. Organizations need to be doing this on a continual basis; mapping their communications channels on a regular basis and updating their strategy to reflect accurate usage. As organizations evolve and scale, priorities and risk appetite will inevitably change.

Learn more about how CISOs can secure enterprise communications by downloading the full guide.