
If you aren't yet familiar with Skyport Systems, don't delay... get them on your radar.
Skyport Systems develops HyperSecured Infrastructure (HSI) that ensures
the security of mission critical IT and corporate assets, with tight
integration of compute, security, virtualization and policy management.
The company's leadership team includes some of the world’s leading experts
in virtualization, cryptography, systems engineering and networking.
With a lot of security questions coming my way lately, I reached out to Art Gilliland, CEO of Skyport Systems, and asked him about the changing landscape of datacenter security as we kick off 2016.
VMblog: I get asked this a lot. Can you explain to readers what cybercriminals are usually
after? And what should companies be protecting?
Art Gilliland: Most cybercriminals are motivated by money, leading them to target
information they can easily sell. There are robust black markets for credit
card numbers and personal identity information, and these are the thefts we
hear about the most. They pursue a smash-and-grab approach, trying to quickly
get into an organization, find the systems with the goods, steal it, and then
move on.
VMblog: And where should a company start as they go down the path of trying to
secure their data today?
Gilliland: Getting into an organization's network these days is too easy, so
the best approach is to harden key servers the criminals go after. Protect your
exposed systems with valuable data in the DMZ and in partner networks, focus on
IT systems like Active Directory that give free passes for criminals to freely
wander around, and harden the servers where your sensitive data lives.
VMblog: If you're a company planning your security efforts, what should your goals be?
And can you actually defend against getting hacked?
Gilliland: There is a dichotomy in security today. While budgets have steadily
gone up, so too have the numbers of breaches. The need to protect data is more
important than ever, yet security practitioners and corporate executives have
less confidence in their organization's security than ever before - demanding a
re-think of how we engineer security into organizational infrastructure. Instead
of trying to protect everything with firewalls at the network perimeter, it is
more effective to build secure enclaves around your most important assets. This
is the same approach we take to physical security - we don't stop everyone at
the front door, instead we put valuables in the safe and passwords on our
personal computers.
VMblog: Studies seem to indicate that the highest
cost (per capita) of a breach is employee training. What can companies do to
better manage security standards and training?
Gilliland: Companies at the vanguard of security awareness
do a great job of regularly training and accrediting their employees with
practical knowledge about security issues. They use examples based on
day-to-day situations so people understand their actions have consequences.
This is tied to active employee testing so people experience situations in a
safe way.
VMblog: Based on your expertise, can you provide
us with a few security best practices that companies should be following?
Gilliland: Employee training is certainly one piece. It's
also important to do a sober assessment of risks and priorities. Too often we
see organizations overinvest in network perimeter security at the expense of
almost everything else. Effectively, this is placing all of one's chips on a
best-case scenario (that no one will ever achieve access), while ignoring
insider threats and ordinary mistakes. A more effective approach assumes that
breaches may happen, and balances resource investments to focus on additionally
securing the organization's most valuable assets individually.
VMblog: What precisely is changing in database
security that isn't getting the attention of the mainstream press? What
specific challenges exist today versus years past? And what will it mean for
enterprise security as databases and applications become increasingly
distributed?
Gilliland: There are three mounting challenges in database security that are
tough to address. The first is credential theft. Criminals identify employees
and systems that have rights into the database, and then steal those credentials
to furtively access a network using valid login and password keys. Second is
the increasingly distributed nature of applications. No longer located in
secure data centers, today's applications reside - or at least have tendrils -
into the cloud, in partner networks, and even in physically insecure remote
offices. Propelled by the increasing interplay between new technologies and
the applications they facilitate, today most devices are connected at any time
to one network or another, meaning security is no longer defined as only an IT
function. The third challenge is the underlying dependence database systems
have on the infrastructure they run on. Cybercriminals are getting smarter
about using tools that compromise the operating system, which in turn makes it
easier for them to break into the database.
VMblog: What measures should be taken to protect companies from the data security
risks associated
with vendors and other third parties? How should companies go about ensuring
that effective controls are in place?
Gilliland: IT systems are so interconnected these days it is hard to
electronically tell where one device, application or network stops and another
begins, making it necessary to become very granular with security controls and
how to apply them to individual assets like application workloads rather than
broad-brush approaches tied to protecting the entire company from the Internet.
Organizations should ask themselves specific questions about their security:
what are my most important systems, what are the policies protecting them, and
is there auditable proof the policies are being enforced. For example, it is
far more important to easily control and audit what systems and users have
communicated with your Active Directory servers versus who's traversing your
corporate firewalls.
VMblog: What about breaches caused by mistakes,
the ones we don't hear about as much as intentional hacking?
Gilliland: The IT infrastructure is insecure by default, so the staff is
required to assemble aftermarket tools and create internal processes to secure it.
Some of the most well-funded organizations with the largest budgets employ over
50 security tools yet they still get breached. Surprisingly enough, most
attacks are not coming from the cybercriminal elite, but instead from small
groups of semi-skilled folks with commodity attack tools who are persistent.
They succeed because implementing security is too complex and it is not
possible to protect everything. Humans are not perfect; there are always going
to be process, implementation, and control gaps.
VMblog: Where do you see cyber security risks arising in the future?
Gilliland: Criminals are market driven, and today they can easily sell credit
card and personal information for profit. Imagine a world when there are
markets where it is easy to pawn intellectual property, corporate finances and
investments, business strategy, customer lists, or legal briefs. The number of
valued targets for cybercriminals to target would increase by an order of
magnitude, as would the negative impact to a company's livelihood.
VMblog: And finally, what else can we expect to see coming from Skyport Systems?
Gilliland: We're excited about the positive feedback our secure enclave platform is receiving.
As we look forward, most of our effort will remain focused on optimizing our unique
approach to protecting Active Directory and other critical IT systems, hosting
legacy applications so they are no longer vulnerable and non-compliant, and
providing cost-effective application security in remote offices.
##
Thank you to Art Gilliland, CEO of Skyport Systems, for taking time out to answer a few questions from VMblog.com.