Site icon IT World Canada

Don’t trust enterprise, vendor security claims: BlackBerry security chief

Trust in IT survey shows Canadian CIOs have work to do

Image from Shutterstock.com

BlackBerry’s new chief security officer has issued a “call to arms” for better cyber security standards because enterprise organizations have failed to protect critical data and placed personal information in jeopardy.

Appointed earlier this week as CSO of BlackBerry, David Kleidermacher asked individuals and various sectors to join the smart phone maker to develop an international standard that will assure people that personal and critical data are being protected.

“Raising assurance is the only way to get ahead of attackers instead of always remaining behind the, to prevent breaches instead of picking up the pieces,” he said. “…“But society should not trust the word of enterprise claiming great security.”

Organizations that wish to join BlackBerry in the initiative to improve cybersecurity standards can contact the company at highassurance@blackberry.com, he said.

Using as a backdrop the recent breach at Anthem Inc., one of the biggest private health care providers in the U.S., where tens of millions of personal records are believed to have been stolen, Kleidermacher, also questioned if better government and industry regulations provide adequate protection.

“Some will say better regulations is needed,” he said. “In the U.S. the Sarbanes-Oxley Act and HIPAA are but two of the many government attempts to enhance privacy protection and raise the cyber security bar…Does anyone believe government guidance is going to end our assurance crisis?”

He said Anthem will be “bludgeoned by the press for a while” and the company will later say that it has dealt with the problem, he wrote in a blog yesterday. This is something the Sony said back in 2011 after hackers exposed the account information of 77 million members of the PlayStation network only to end up having to deal with another breach in 2014, Kleidermacher pointed out.

Strong end-to-end security solutions that allow enterprise to manage and protect all endpoints and information that flows and resides across then and the cloud are needed, according to Kleidermacher. Of course he made a pitch for BlackBerry’s end-to-end security reputation.

However, enterprise organization should also be careful of vendor claims, the BlackBerry security boss said.

“Enterprises evaluating IT solutions must not blindly accept vendor security claims, no matter how well established that vendor brand is (remember when RSA spilled SecureID tokens),” he said. “Dive deep into the vendor’s assurance evidence and demand proof from independent experts.”

Exit mobile version