IT Security: Stronger Together

Abstract

Modern CIOs handle a multitude of roles within their companies, from deciding the strategic orientation of the IT environment to keeping data centers and devices running smoothly. As if this wasn’t enough in terms of responsibility, CIOs also bear ultimate responsibility for the security of data, applications and the IT infrastructure. Although ensuring the safety of the company’s digital assets has long been one of the core elements of a security strategy, new adversaries such as government-backed hacker groups, cyberespionage teams out for a quick profit and politically motivated activists have resulted in a “red alert” status for digital assets. And yet, while the current threat from these numerous attack vectors should be taken deadly seriously, many companies still believe that antivirus software, a firewall or simply taking a hush-hush approach are adequate precautionary measures. Antivirus software and firewalls are of course essential, even though both systems only form building blocks of an overall security model. But the time has really come to drop the idea of seeing security as a taboo topic not to be discussed in public. “Security by obfuscation” used to be considered a legitimate security strategy: If we don’t publish any information on a topic, then we’re not giving away any useful data—right? Wrong! Pretty much every proprietary software or hardware has now been hacked, simply because attackers found a loophole that manufacturers had overlooked. Which is why open source software is considered more secure: The multitude of auditors and developers picking through the code maximizes the number of vulnerabilities detected and the speed of their discovery. Going at it alone, hidden away behind closed doors, is not how IT security works. Attackers recognized this a long time ago, of course. Since hacking is a collaborative, team-based effort, why shouldn’t the good guys do the same?