September 29, 2015
Risk of losing income greater than risk of losing data, panelists debate.
Security is not about data being at risk, but livelihoods, partners heard at Continuum Navigate 2015 in Las Vegas today.
During a partner panel on cyber security, Raj Goel, CTO of MSP Brainlink International, told delegates that employee livelihoods are more important to protect than data.
“What’s really at risk from my perspective is the livelihood of the firm, the employees. At the end of the day, that’s the most important to protect,” Goel said. “Data is fungible; it will be leaked if not by the client, by third parties. So we see our job as being to help our clients stay employed, because the longer they stay employed, the longer we stay employed.”
And the current regulatory climate has less of an impact than might be expected on clients’ concerns about data, Goel added.
“We have seen more wheels turn with the conversation about livelihoods than hours of HIPAA or PCI regulations. No one cares about regulators, no one cares about the check-box exercises except for during their annual fire drill exercise, but they all care about their livelihoods,” he said. “And when we can tie in their behaviors to their pay checks, or lack thereof, that is when we see the biggest victories in users re-training themselves.”
But Matthew Hahn, VP of network services at SWK Technologies, said the risk presented by data is key to managing clients’ security needs.
“Risk is the key word. A client might tell you ‘I’ve got a malware pop-up so I can’t work on my computer for two hours, three hours’. The key issue here is what’s at risk. And what’s at risk is the data of the company, maybe information about your clients and vendors,” Hahn said. “So it comes down to adopting a computer usage policy that is fostered throughout the company.”
Delegates also heard that one of the most common mistakes in security is reactivity.
“One of the mistakes we all make is that security in and of itself is very reactive,” Jason Holbrook, chief technology integrator and security consultant at Empower Information Systems said. “We’re all kind of reacting – we get that call or the ticket comes in.
“But it should be about taking the time to be proactive. What are these logs telling me? What’s out there? What’s the latest threat? Have an open dialogue with your security vendors and do client reviews with your customers and talk about security. Am I looking for what’s around the corner or just reacting to that phone call? Proactivity is one of the hardest good habits to develop, but once we as MSPs have got that, it’s a better, more fulfilling offering.”
Source: http://www.channelnomics.com/channelnomics-us/news/2427932/security-about-livelihoods-not-data