When one of our clients recently threw out a challenge to their competitors in their industry to pick up their game in terms of not only security, but being more open about their security, it was the culmination to an engagement like no other we’ve ever been involved in. (http://www.instructure.com/blog/2012/01/24/some-secrets-hurt/)
First up, we’ve never had a client request a journalist be imbedded into a security testing exercise like this. This presented us with many things to think about.
While we were not totally against the concept, we did preach caution and somewhere along the way, we came to a middle ground with Instructure in terms of what would be published for all to see. You can read all about this; the history, driving forces, the approach and the results here: http://mfeldstein.com/analysis-of-instructure-security-testing/
The Internet has seen quite a bit written about this project and for most part, the reactions to Instructure’s approach have been positive. We’ve seen nothing to suggest that this has just been purely a marketing exercise on Instructure’s part and we do expect they’ll continue to practice what they are now preaching.
This leads me to the question; can “security” work as a competitive advantage for businesses – leading to increased market share? Many expect the answer to be “yes”, but is it really?
I welcome your comments on this topic - it would be good to have a discussion here about it.
In the meantime, we’re watching with great interest to see if our client will reap the benefits of their openness. Stay tuned.
It’s not hard to understand why bot management is critical to maintaining business availability and customer satisfaction – but do you know how to properly deal with bots?
Increasing use of encryption has created new challenges for enterprise security managers. Ever more-sophisticated encryption such as Perfect Forward Secrecy (PFS) protects data and may even boost your Google ranking – but it also provides a haven for malicious code that may use encryption to bypass enterprise security controls.
Why nation-state attacks are everyone’s problem
With so much change all the time, how can executives best prepare their businesses to meet the security challenges of the coming years? CSO Australia, in conjunction with Mimecast, explored this question in an interactive Webinar that looks at how the threat landscape has evolved – and what we can expect in 2019 and beyond.
An interview with CSO's David Braue and Ian Yip, Chief Technology Officer, McAffee.