<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Paul Calatayud, Author at Security Current</title>
	<atom:link href="/author/paul-calatayud/feed/" rel="self" type="application/rss+xml" />
	<link>/author/paul-calatayud/</link>
	<description>Security Current improves the way security, privacy and risk executives around the world collaborate to protect their organizations and their information. Its CISO-driven proprietary content and events provide insight, actionable advice and analysis giving executives the latest information to make knowledgeable decisions.</description>
	<lastBuildDate>Wed, 03 Jan 2018 02:04:13 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	

<image>
	<url>/wp-content/uploads/2020/09/cropped-Security-Current-Round-Logo-32x32.png</url>
	<title>Paul Calatayud, Author at Security Current</title>
	<link>/author/paul-calatayud/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Behavioral Analytics, Intrusion Prevention and the Cloud: Insights from Black Hat 2015</title>
		<link>/behavioral-analytics-intrusion-prevention-and-the-cloud-insights-from-black-hat-2015/</link>
					<comments>/behavioral-analytics-intrusion-prevention-and-the-cloud-insights-from-black-hat-2015/#respond</comments>
		
		<dc:creator><![CDATA[Paul Calatayud]]></dc:creator>
		<pubDate>Wed, 23 Sep 2015 20:24:16 +0000</pubDate>
				<category><![CDATA[Archived Articles]]></category>
		<guid isPermaLink="false">http://184.154.4.181/?p=16504</guid>

					<description><![CDATA[<p>Behavioral analytics. Cloud governance. Machine learning. At this year’s Black Hat USA 2015, these were just some of the terms that dominated the sessions and exhibit hall alike. For healthcare&#8230;</p>
<p>The post <a href="/behavioral-analytics-intrusion-prevention-and-the-cloud-insights-from-black-hat-2015/">Behavioral Analytics, Intrusion Prevention and the Cloud: Insights from Black Hat 2015</a> appeared first on <a href="https://securitycurrent.com">Security Current</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Behavioral analytics. Cloud governance. Machine learning. At this year’s <a href="https://www.blackhat.com/us-15/">Black Hat USA 2015</a>, these were just some of the terms that dominated the sessions and exhibit hall alike.</p>
<p>For <a href="http://www.surescripts.com/">healthcare</a> security professionals responsible for protecting incredibly sensitive and increasingly desired patient information, if these aren’t top-line concerns and agenda items, you and your team need to consider revising your to-do list.</p>
<p>First and foremost, from my experiences at Black Hat, the level of quality and professionalism that’s consistently displayed is worth noting. From educational talks to informational and dynamic booth displays, I am never disappointed with my decision to attend and always walk away with new information and connections. For me, this event is a can’t-miss.</p>
<p>From a technology perspective, there were many solutions for improving cloud governance and discussions on cloud management, specifically data loss and data loss prevention (DLP). There were also offerings that ensure your solutions can interact with staples such as Salesforce and Dropbox while solving for the corresponding data leakage risks.</p>
<p>But in terms of the top takeaways and trends, one topic that stood out at this year’s event was behavioral analytics. Similar to another event I attended this year, RSA, at Black Hat the conversations were focused on how to protect beyond your perimeter by using behavioral analytics.</p>
<p>Now as a cautionary tale, I am eager to see how this market continues to evolve. I suspect that some of the more traditional infrastructure companies, whether focused on IT or security, will likely build behavioral analytics into their existing products, with the result being a collapse of market space.</p>
<p>One example of this is IPS, or intrusion prevention systems. Today when you buy firewalls, IPS is built into them, with companies like Cisco, Palo Alto and Juniper, who were all founded on legacy controls, now having emerging products that include cloud governance capabilities. We’ll have to wait and see what develops and how enterprise organizations continue to evolve.</p>
<p>As far as protecting beyond your perimeter, there are a lot of new companies that are coming into the space as well. Why? Many feel that as organizations continue to utilize the cloud and expand beyond their borders, infrastructure and data – whether intentionally or not – will find their way into cloud storage and other sources.</p>
<p>Ultimately, organizations need to extend their controls beyond their own infrastructure and stack, and thus need to learn how to govern without having direct control over the assets. Do I know where my information is? Can I control it? Encrypt it? Protect it? Security leaders must be able to answer these questions.</p>
<p>There has also been positive momentum around big data recently, particularly in terms of machine learning, and this was another key theme addressed. Moving beyond scientific terminology to actual, tactical approaches, machine learning is an example of big data in action.</p>
<p>Security leaders often tend to think on the “defensive,” focused on addressing threats before they become issues. As I have mentioned in my <a href="http://surescripts.com/news-center/blog/!content/posts/2014/09/08/cybersecurity-defense-is-the-best-offense">past blogs</a>, companies need to be prepared for threats and breaches, and machine learning enables organizations to detect anomalies through things like signatures, and thus detect threats or breaches on the network when and where they happen.</p>
<p>From expanding cloud governance strategies to the utilization of big data, behavioral analytics and machine learning, there were many trending topics worth consideration at this year’s event. Stay tuned for Part 2 of my Black Hat Round Up, where I’ll dig more into the growing market around breach detection solutions and discuss what this means for <a href="http://surescripts.com/news-center/blog/!content/posts/2014/10/15/five-tips-for-cybersecurity-and-why-they-should-matter-to-healthcare-professionals">healthcare companies</a>.</p>
<p>If you have any questions or comments, please let me know by commenting here and reach out on Twitter at @Surescripts, @PaulCalatayud!</p>
]]></content:encoded>
					
					<wfw:commentRss>/behavioral-analytics-intrusion-prevention-and-the-cloud-insights-from-black-hat-2015/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>The Ever Evolving Role of the Chief Information Security Officer</title>
		<link>/the-ever-evolving-role-of-the-chief-information-security-officer/</link>
					<comments>/the-ever-evolving-role-of-the-chief-information-security-officer/#respond</comments>
		
		<dc:creator><![CDATA[Paul Calatayud]]></dc:creator>
		<pubDate>Thu, 03 Sep 2015 20:39:45 +0000</pubDate>
				<category><![CDATA[CISO Insights]]></category>
		<guid isPermaLink="false">http://184.154.4.181/?p=16510</guid>

					<description><![CDATA[<p>Over the past few years, there has been an uptick in cybercrime on a mass scale, with hackers gaining access to personal information of millions of people. Breaches at well-known,&#8230;</p>
<p>The post <a href="/the-ever-evolving-role-of-the-chief-information-security-officer/">The Ever Evolving Role of the Chief Information Security Officer</a> appeared first on <a href="https://securitycurrent.com">Security Current</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Over the past few years, there has been an uptick in cybercrime on a mass scale, with hackers gaining access to personal information of millions of people. Breaches at well-known, successful companies such as Target and Home Depot make national news.</p>
<p>In more recent years, healthcare organizations have increasingly become the target of <a href="http://www.usatoday.com/story/money/personalfinance/2015/07/24/steve-weisman-health-care-data-breach/30593661/">cyber-attacks</a>. The threat of information leaks and security vulnerabilities is undeniable, advancing the need for strong leadership to help manage security initiatives and ensure companies are safeguarding <a href="http://www.npr.org/sections/alltechconsidered/2015/02/13/385901377/the-black-market-for-stolen-health-care-data">valuable</a> customer data.</p>
<p>This is where a chief information security officer (CISO) steps in &#8212; to maintain processes across an organization to minimize IT security risks. Below I share <a href="http://www.csoonline.com/article/2973052/security-leadership/cisos-facing-boards-need-better-business-communication-skills.html">my perspective</a> on the evolving role as <a href="http://www.surescripts.com/">Surescripts’</a> security chief and how the position can and must fit into the organization’s overarching leadership framework.</p>
<h3><strong><em>What makes for a successful CISO?</em></strong></h3>
<p>A CISO needs to adapt easily to change. Technology is constantly evolving and a successful CISO understands that. Big data is just one example. And as new technology and trends like big data emerge, we as CISOs need to figure out how they fit into our security landscape.</p>
<p>In the CISO role, always being a student and learning is a must. You can’t just learn a skill once, apply it and be done. There is always a need to refine and adapt. In other fields, you must have certain skill sets and a specific background, but once you acquire those, you are able to apply your experience in a fairly standard manner.</p>
<p>Security is constantly changing, and a CISO needs to be continuously learning and adapting. You always have to account for the privacy impact, address challenges and opportunities – and now, to understand this, CISOs essentially need to become data scientists as well. It’s par for the course.</p>
<h3><strong><em>What are some of the changes in the role of the CISO?</em></strong></h3>
<p>Responsibility and span of control are changing. Traditionally, CISOs are responsible for infrastructure and security and focus on technology. Now, CISOs also have to have a deep understanding of how the business operates and its objectives to be successful. How is tech moving beyond simple infrastructure? What is the effect of the cloud? What is the impact of a BYOD culture? All these new trends are expanding the CISO role.</p>
<p>Regulations and compliance also are resulting in new challenges. Today’s CISO needs a different mindset and skillset related to the business, beyond security and technology. For example, how do you determine the value of IT investments? When making risk-based decisions, it is part of the role to be able to show results and demonstrate value. There is a constant need to explore new capabilities. CISOs have a responsibility to identify metrics that tie back into the business. And this introduces another challenge: business alignment.</p>
<p>Business alignment requires CISOs to become core general managers who are well aware of the organization in its totality. There are expectations around this now, so CISOs need to build those relationships within the company and related business competencies.</p>
<p>Traditionally, a CISO is focused on things like anti-virus, malware, and securing firewalls. But if the company is going to apply risk-management methodologies that impact how business decisions are made, those choices must relate back to overall business function.</p>
<p>CISOs also need to ensure their investments are the right ones. Now that we have the budgets, we need a level of trust and transparency. And for most CISOs coming from a science and technology background there always is a need to develop, hone and acquire those additional business skills.</p>
<h3><strong><em>Who is a CISO’s “partner in crime” within the organization? Who are the decision-makers with whom a CISO should align themselves?</em></strong></h3>
<p>First, it’s the Chief Information Officer (CIO). A CISO’s relationship with the CIO is a necessary component for success. Even if you’re looking at third-party organizations and their risk, it’s a moral hazard to say you’re no longer focused on IT as a CISO, because then you’d alienate your biggest ally – the CIO.</p>
<p>You must continue to foster and develop your CIO relationship to ensure success. When going to the Chief Financial Officer (CFO) and talking about financial risk, they’ll say, “talk to the CIO,” so it’s critical to make decisions together and jointly educate the CFO on the technology.</p>
<p>While some of the decisions might be purely technology decisions, at the end of the day, it’s the CFO who owns the risk. The CFO is a good partner because, ultimately, that’s where the money trail is. The CFO helps you know how the business is doing and how much opportunity is out there in terms of investment and spend.</p>
<p>Next would be the Chief Operating Officer (COO), where organizational management decisions occur.</p>
<p>CISOs also need to coordinate with various business units and know what else is going on across the organization. Throughout your tenure, continue to build key allies and relationships across the executive management team.</p>
<h3><strong><em>How can CISOs work with partners and customers in terms of security? What are things to look for, avoid or best practices?</em></strong></h3>
<p>First thing, I’ll ask, “Is there a CISO?” And if so, “Where does he/she report?” This is a really telling indicator of the organization’s maturity. If a CISO reports to a VP, it’s more of a title than a position of accountability. The CISO should have a level of control and ability to make decisions and act at the peer level with the CIO.</p>
<p>So start there, and then look at the structure of the company and how viable it is. For example, if you’re looking at a three-person shop, it’s hard to achieve anything when the person responsible for security also has other responsibilities. Nine times out of ten, the last thing they’ll be thinking about is security. They will be focused on tech uptime and business revenue. A lack of a strong CISO might not be the determining factor as to whether we do business with an organization or not, but it might influence contract terms, and how we determine and manage the risk of that relationship.</p>
<p>I have yet to see the perfect alignment in one individual. I tend to model my experience off of various people, but I’m also trying to blaze my own trail. I collectively look at traits of others and put them together. The industry and its maturity aren’t there yet, so I look at it in pockets, taking five percent of everything I see and turning it into a perfect whole.</p>
<p>Continue the discussion with a comment below or online on Twitter with <a href="https://www.twitter.com/surescripts">@Surescripts</a> or @securitycurrent or directly with Paul <a href="https://twitter.com/paulcalatayud">@paulcalatayud</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>/the-ever-evolving-role-of-the-chief-information-security-officer/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
