defendyourdomain

Organizations are constantly under attack from external threats, it’s never ending. #overwhelming

I'd say both, both internal is more often overlooked.

Et tu Brute - internal threats are less expected

both

Insider attacks are often more costly, but outsider attacks are more prevalent given their variety (DDoS, malware, ransomware). Both are painful @IBMLinuxONE

@StevenDickens3 Exactly. Don't prep for just insiders or just outsiders. Assume they're both on the way.

Internal threats are more concerning though because they come from players and places and at times we don’t expect #insiderThreat

I'll use my consultant's answer again: it depends

@majorhayden 100% agree, did you see the Twitter insider who shut down President Trump's twitter account...

Depends on your business, your client profile, your staff, etc. etc.

@dianamhenderson The increase in outsider attacks from state sponsored entities is extremely alarming to me.

@craigmullins everyone is open to social engineering...

you usually trust people within your organization, so being attacked from the inside was usually unexpected and for so more dangerous.

You have to be prepared to protect against both

Both. Internal you have home field advantage, external you get the advantage of more team collaboration due to the external nature of the threat. Again, this all depends on your team - their wherewithal and bandwidth to quickly find the RCA.

Making security part of a company’s daily hygiene and management processes

Not thinking about security at the tail end of application development

Make it automated and free up the humans to do really valuable work.

Operationalizing #security speaks to one of the growing movements around #DevSecOps and integrating security into the application development lifecycle through to deployment in production

Security isn't a dev problem or an ops problem. It's a problem for everyone to tackle.

@majorhayden or run it on a box where its encrypyted 100% of the time, all the time

Security is present by design, not bolted on.

@jmertic "Security by design" is a concept that has come up in a lot of our client discussions. @IBMLinuxONE was designed with security in mind.

@NickSardino Quite true, and @IBMLinuxONE has some nice built-in security features to boot. ;)

@jmertic agree, you can't bolt security on at the end..

@NickSardino Security still has to be part of the full stack of the application. Including having a good way to see the code you are pushing into production.

@jmertic agreed. Security cannot be added on at the end

Key to security operations is rapid detection and incident response. A data #breach may feel inevitable. #SOC

It would be great to see more #devsecops minds looking at this code and seeing how to invest more into algorithm development for finding issues as they pop up https://github.com/o...

@majorhayden also make it pervasive, and get people to focus on other more valuable up the stack activities

When security is imbued into everything we do in IT, then we have operationalized security; we are not there yet

@NickSardino Complementing your thought, you could get more information here: http://ibm.co/2gB8HQ...

IMO it means baking the security aspects directly into the product at each step of your methodology. What used to be something more of an afterthought has become the number 1 area of concern for many folks. It's really a mindset of the biz.

Most organizations are worried about the threat of a breach and meeting complex compliance mandates

Threats are all over the place! Cybercrime, APT, Fraud, Physical Threats, Terrorism, Insider Threats, Hacktivism and Nation-State Threats

Malware, patching maintaining security hygiene, adapting firewalls, high impact events and internal or external threats are a few of the challenges facing organizations today

Nobody wants to be the next big name in the headlines. Reputational risk is a huge concern.

Adapting your security strategy for the #cloud is a current challenge

I consider its malware and the budget needed for a proper cyber security program

Business are challenged with making data always available to the customers/employees while keeping it safe from attackers.

I'd add the fear of the unknown - code origins, account credential sharing, and data origins.

Today's software-defined-everything world make it challenging to use older methods for securing infrastructure.

Staying current as hackers adapt and modify their attack methods is also challenging

Today's software-defined-everything world makes it challenging to use older methods for securing infrastructure.

@craigmullins Knowing when to go to (which) cloud is quite a challenge, too. ;)

And let's not forget #GDPR, which comes into full force next year. There are many security aspects to compliance

Partnering with compliance officers to address changing geo and industry regulations often keeps security professionals busy

@majorhayden @craigmullins agreed on the challenges of security in the cloud

@craigmullins HIPAA, PCI DSS the list goes on

Everything from the GDPR to the fundamentals (SSAE-16 SOC 1/2/3 Type1/ 2, HIPAA, PCI DSS AoC, Trustwave Certificate, HITRUST, U.S. Government OIG and SAM, GLB).