Analysis

Carbon Black Connect 2019: Cloud will revolutionise cyber security strategies

Company's annual conference highlights importance of security infrastructure, diversity and understanding the hacking community

This year's Carbon Black Connect cyber security conference, held in London last week, had a little something for everyone.

While keynote speeches were devoted to how the cloud will "revolutionise" the way IT security is delivered to end-user customers, delegates heard elsewhere how a change of perception about who hackers really are could prevent more attacks.

Advertisement - Article continues below

There were also talks on what clauses organisations should have in contracts for cloud services to ensure better security and data privacy, and whether queues for the women's toilet at tech conferences were a sign that diversity initiatives were finally working.

Cloud will revolutionise security

Perhaps the most prevalent theme of the day, however, was the role of cloud in how organisations protect themselves from threats in future.

Patrick Morley, CEO of Carbon Black, said that thanks to the firm's acquisition by VMware earlier in the year, it was able to put more of its analytics into the cloud.

"We fundamentally believe the cloud is going to revolutionise security over the coming years. Again, I'll say this, it does not lessen our commitment to our on-premise products, we just recognise the power of being able to do a lot of analysis in the cloud," said Morley.

He added that cloud-based analytics would help identify and thwart potential hackers more effectively, reduce operational overheads for customers, and deliver "faster time to value".

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"It's going to revolutionise security. It allows us to innovate faster, because every time we build new services on that platform, we deliver those to you without actually having to deploy anything inside of your data centre," said Morley.

Safeguarding your security contracts

Yet, the event also served as a warning for those businesses looking to adopt cloud-based security themselves to understand the additional contractual headaches that can occur as a result.

Specifically, organisations going into the cloud should make sure any contracts with service providers have a number of clauses inserted to protect their security, according to Enza Iannopollo, senior analyst at Forrester.

In her speech to delegates, she said that organisations should ensure that if a service provider uses a new sub-contractor, the organisation should be told about it and have the choice as to whether it wants to tear up the contract or not.

The reasons for ditching a cloud contract could be that "the sub-contractor doesn't make you feel comfortable or doesn't align with the privacy policies of the organisation".

Advertisement - Article continues below

There should also be termination conditions on how long it takes for data to be deleted after a contract lapses and how data is returned to an organisation. Iannopollo also argued that there should be clauses on data subject rights to ensure that organisations, should they receive a subject access request, can quickly and easily source this data from their service provider.

Iannopollo said that organisations should only work with service providers that they trust, and only those that can provide evidence of how they are securing data, particularly as data regulators will ask organisations if they have carried out due diligence on those companies that provide them with a cloud service.

Thinking of hackers as normal office workers

While a great deal of the conference looked at the evolving nature of cyber security infrastructure, it also forced organisations to question their attitudes towards cyber crime in general specifically, what they think of when they use the word 'hacker'.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Scott Lundgren, CTO at Carbon Black, said that it is all too easy for those in the industry to think of hackers as being a bogeyman or infallible. They forget that they're real people, "stumbling through their days trying to get through their business goals of breaking in and stealing data".

"These are people who can be beaten," he said. "It is a positive fight, one that we can come out ahead on and one that we can apply ourselves to with a sense of optimism."

He said that the focus of IT security should be on how tools, processes and capabilities can be used to observe, detect and prevent hacking behaviour that is: "watching what the bad guys are doing and how they are doing it".

Carbon Black's Morley argued that the ultimate goal of this approach was to encourage organisations to be more proactive in how they defend themselves.

Advertisement - Article continues below

"Each time we force the adversary to adapt, we are winning, we are causing them to have to react," he said.

Thinking of hackers as just people, with responsibilities to their own version of a manager, means that if they are faced with a system with particularly tough network security they may need to raise this as an issue to someone more senior. If they are not around, this gets forgotten by the hacker and they don't go back to the problem network. "That's a victory for us," Morely explained.

Diversity is about building a community

Regardless of what stage your company is at when it comes to security, one thing that everyone can benefit from is greater diversity.

More and more women are coming into IT security and making a success of it but work still needs to be done to ensure greater gender parity and greater representation in the workplace. According to a number of industry panellists, the humble restroom can be an important tool for benchmarking gender diversity.

Advertisement - Article continues below

Sue Daley, associate director of technology and innovation at techUK, was keen to showcase an initiative called "Queue for the Loo", one that her organisation had been promoting for some time. Given that for most tech events and conferences, the queue for the men's toilet is far longer than the women's, the growing waiting time for the female toilets is considered a clear sign that things are improving.

The initiative provides an online portal for resources and information to encourage more women to tech events, as well as holding its own events, workshops, and networking in order to create an active community.

Daley said that the campaign will be judged a success when more women attend tech conferences. "I think we'll win when there is a huge queue for the ladies," she added.

Diana-Maria Molaovan, UKI cyber operations lead at Aviva, said that "sometimes you have to be the change if you want to see the change".

Advertisement - Article continues below

She has started to collaborate more with groups, such as Ladies of London Hacking Society, which promotes women in cybersecurity. She also encourages women to appear as often as they can at events such as this, and to share specialist knowledge with others.

"This empowers women to say, 'I want to share what I'm doing at work'," she added. "It's important to have your voices heard."

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement
Advertisement

Recommended

Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020
Visit/security/vulnerability/355276/businesses-brace-for-second-fujiwhara-effect-of-2020-as-patch-tuesday
vulnerability

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020

Most Popular

Visit/operating-systems/microsoft-windows/355781/microsoft-confirms-further-issues-with-troublesome
Microsoft Windows

Microsoft's latest Windows 10 update is causing yet more issues

26 May 2020
Visit/mobile/5g/355712/nokia-5g-speed-record
5G

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
Visit/security/data-breaches/355777/easyjet-faces-class-action-lawsuit-over-data-breach
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020