Enterprises Must Encrypt Data, Segment Networks to Thwart Hackers
NEWS ANALYSIS: In a vast room full of security technology companies, there's little unanimity about ways to improve data security. But top security researchers tell a different story.
Oxon Hill, MD— It should be no surprise when marketing executives for security vendors say that whatever it is their company sells is the best way to bolster data security. That is, after all, their job. That view certainly prevailed at the Gartner Security and Risk Management Summit held at Gaylord Convention Center just outside the Capitol Beltway that encircles Washington, DC. And as you'd also expect, the topic that came up in every conversation even vaguely related to security was the recent data breach disclosed by Office of Personnel Management. On June 4, the OPM disclosed that hackers had made off with millions of personnel records of government employees and others, including contractors with security clearances. Since nobody actually knows any solid details about what happened, speculation ran rampant. Fortunately, I was able to find some serious security researchers at the event -- people who were quietly advising some of those three-letter agencies at the capital that we expect are able to keep confidential data from being leaked or stolen. Their views were much different.
"This is why we need a new paradigm," Jasper Graham said as we talked in his hotel suite far from the crazed goings on at the Gartner event. Graham, who is senior vice president of cyber- technologies and analytics for Darktrace and formerly a National Security Agency cyber-security expert, said that the industry needs to abandon the idea that perimeter defense of the enterprise is enough.