What security challenges can't be addressed with technology solutions?

There are all these technical attack services, but the bottom line is that the exposure comes from the human aspect. So much education has to be done. But again, it’s still a matter of Governance, risk, and compliance (GRC). A couple years ago, at a multibillion dollar company, the guy who was in charge of security was also the enterprise architecture and infrastructure guy. I said, "You know, it's not a part-time job. You need a CSO office." Even with Wombat/Proofpoint, these things generally fail because someone clicked the link after you've educated them so many times. So how do you make it fail-safe? Your Office 365 has a little phish button. This is a phishing email, send it off to those people.

Anonymous Author
There are all these technical attack services, but the bottom line is that the exposure comes from the human aspect. So much education has to be done. But again, it’s still a matter of Governance, risk, and compliance (GRC). A couple years ago, at a multibillion dollar company, the guy who was in charge of security was also the enterprise architecture and infrastructure guy. I said, "You know, it's not a part-time job. You need a CSO office." Even with Wombat/Proofpoint, these things generally fail because someone clicked the link after you've educated them so many times. So how do you make it fail-safe? Your Office 365 has a little phish button. This is a phishing email, send it off to those people.
2 upvotes
Anonymous Author
We've got 1500 different roles which control access in our enterprise resource planning (ERP) systems. When the information comes into our data lake, is 1500 the right number? Is it 50? What are the right security controls? Is there any such thing as the right way to do it? That’s the million dollar question. It's not necessarily a technology problem. You can make multi-million dollar investments in all kinds of memory applications, system databases, the coolest virtualization and analytic products, but unless you tweak your processes from a people standpoint, you're not going to get the most out of them.
2 upvotes