January/February 2013 (Vol. 11, No. 1) pp. 11-12
1540-7993/13/$31.00 © 2013 IEEE

Published by the IEEE Computer Society
A View from the C-Suite
Edward G. Amoroso , AT&T Labs

Hugh Thompson , Blue Coat Systems
  Article Contents  
  In This Issue  
Download Citation
Download Content
PDFs Require Adobe Acrobat

Businesses need to make trade-offs: they need to balance resources between delivering technology that will help them grow while committing resources to protect the enterprise. This special issue taps into the business view of information security.

An important shift is happening in IT. People now have an unprecedented array of choices in the technology they use in both their personal and business lives. They have the ability to share information quickly, to collaborate, and to select from a rich and growing ecosystem of services online.
In the midst of this change, in the thick of the opportunity for people and businesses to personalize their experience with technology, there's also a set of risks to businesses and government agencies that come from breaking the model of monolithic enterprise IT. Cybercriminals are becoming more organized and can operate at scale. Hacktivists seek to exploit weaknesses in people and technology to further a social agenda. We're to the point where nation-state actors can launch sophisticated and tailored attacks against both corporations and government agencies.
The practice of enterprise security has moved beyond building a fortress between the intranet and the Internet, and businesses are working to balance resources between delivering technology that will help them grow while deploying controls to protect the enterprise. They need to justify important investments in security but often lack the mature metrics that accompany other areas of IT infrastructure.
In This Issue
The articles in this special issue come from several information security leaders in the business community who are charged with protecting enterprises in a rapidly evolving threat environment with big changes that are happening in the way that employees consume technology. Dave Martin, chief security officer at EMC, talks about the need to ingrain security in the core of applications in "Implementing Effective Controls in a Mobile, Agile Cloud-Enabled Enterprise." In "Authentication at Scale," Eric Grosse and Mayank Upadhyay from Google's security team talk about the challenges and opportunities for authenticating at scale. Edward G. Amoroso, AT&T Labs' chief security officer, looks at how as an industry we can deliver protecting systems and data as the network perimeter fades away in "From the Enterprise Perimeter to a Mobility-Enabled Secure Cloud." Finally, in "The Human Element of Information Security," Hugh Thompson looks at how refocusing on the technology-human interaction has the potential to reshape enterprise security.
These articles together help give a perspective on where security sits in the enterprise agenda and some of the key challenges and opportunities that exist.
Edward G. Amoroso is senior vice president and chief security officer at AT&T Labs, where he has been involved in cybersecurity work for almost three decades. His technical interests include enterprise risk management, mobile service protection, and cloud computing security. He received a PhD in computer science from the Stevens Institute. Contact him at eamoroso@att.com.
Hugh Thompson is chief security strategist and senior vice president of Blue Coat Systems. His research interests include security metrics, software security, computer-human interaction, and behavior-based security. Thompson received a PhD in applied mathematics from the Florida Institute of Technology. He's program committee chairman for RSA Conference and is on IEEE Security & Privacy's editorial board. Contact him at hthompson@peoplesecurity.com.