Addressing the weakest link in IT security: Human negligence

This year we've seen a number of security breaches caused by the one thing CSOs and CISOs can't control: human negligence. For this article we sat down with Gil Zimmerman, CEO and co-founder of CloudLock, to talk about how to put in place security policies that are both effective and that staff will follow.

CSOs and CISOs have long known that the weakest part of an IT infrastructure is the people they're trying to protect. How do you imagine CSOs and CISOs will combat this in 2015?

It’s all about educating end-users on appropriate sharing, collaborating and working in cloud applications in general. Since your users are already in the cloud, sharing, collaborating and working, CISOs and security professionals in general have to be vigilant about visibility.

Add that the world is multi-cloud and users, accounts and data span all of these cloud applications, and your security team is running blind without visibility into all of them. As a cloud security company, we talk about the differences between traditional on-premises security and cloud security.

Implementing acceptable use policies as you would on premises is paramount but taking that one step further to automate the process and leverage people-centric security, where your users are involved in the process, takes your security program to the next level. Education becomes action. That is how CISOs can and should approach addressing the human factor in 2015.

This year has seen Shellshock, Heartbleed, and Regin hit computer systems to much media hype. Just how damaging are these vulnerabilities, and how can businesses ensure that they minimise the negative impacts?

Incidents like these aren’t going to go away. Any breach or vulnerability is damaging, no matter how small, because it proves that something was unprotected. There was a way in, so someone wasn’t doing his or her job.

But often even more incidents, the ones you don’t always hear about, are caused by employees inadvertently exposing corporate assets. Those are the most damaging and can be minimised through educating employees on how to use applications appropriately.

We couldn't have an interview at this time of year without discussing the future. What do you think the biggest security gamechanger in 2015 will be?

Cloud Security. The growth rate for cloud adoption is increasing exponentially.

Last year organizations focused on the cost-benefit analysis and generally deciding whether to move to the cloud, but what they didn’t realize at the time was that their users were already moving there and taking the organization’s assets with them.

The year 2015 will be when organizations come to terms with the fact IT no longer gets to decide what applications and software users are installing; they’re already there. They’re already working in the cloud and corporate assets are already outside the visibility of the security team. What they need to focus on is finding security solutions that provide their teams with the visibility needed across multiple clouds. That’s why cloud security will be the gamechanger in 2015.

A big thanks to Gil for finding the time for us to talk. You can follow him on Twitter @giljzim. CloudLock is a finalist in the Tech Trailblazer awards; if you found Gil's comments useful, please vote for them here.