sponsored

Security Insider Interview Series: Rodney Joffe, Senior Vice President & Senior Technologist at Neustar

Neustar’s Senior Vice President, Senior Technologist, and Fellow Rodney Joffe, who has also served on the Federal Communications Commission’s Communications, Security, Reliability and Interoperability Council, believes the best approach is smarter and simpler.

blog rodney joffee 2
Neustar

Security is certainly a moving target. Cyberthreats and the perpetrators behind them are constantly evolving. Modern security practices and technologies must continuously evolve as well to keep pace. Neustar’s Senior Vice President, Senior Technologist, and Fellow Rodney Joffe, who has also served on the Federal Communications Commission’s Communications, Security, Reliability and Interoperability Council, believes the best approach is smarter and simpler.

Every time there are advances in cybersecurity, it seems the bad guys are one step ahead. In this intricately connected world, can we ever truly get ahead of the threat of cyberattacks?

No; next question. Actually, the thing you have to understand is we have constraints built in that the bad guys don’t have, and that’s their edge. I believe we have the talent, we have the technology, we have the reach, but we also have a moral compass that in most cases restricts us. We have to find ways to compensate for the agility of the bad guys. We’re never going to get ahead of the threat. We have to adjust the way we look at things.

Is it a question of better security technologies, better security practices, more investment in security, increased awareness; or some combination thereof?

It’s all of the above, but I’d say better security practices are probably more important. We can improve what we do. We don’t need more investment in security, but smarter investment in security. Sometimes the most expensive solution is not the right solution. The more you pay, things tend to get more complicated. And those complications add vulnerability. You have to be smarter in what you do. Sometimes the simplest things make the most difference.

What do you think is the key to creating the most efficient security posture?

You need to understand, “Where is the greatest risk?”  What is the part of my business that—if it was compromised—would cause the most damage to the company? Think of a chemical company: the most important thing is small group of scientists who create the intellectual property. You want to identify those people who would cause most damage if they left or if something happened to them. [Protecting them] could be as simple as not putting their names on the company roster.

Do you think we collectively have access to the data and intelligence we need to maintain an effective security posture, but have not yet determined how to properly mine or analyze that data?

Yes, the data is absolutely there. If you work through it systematically, you have really good chance of understanding where your risk is and how to improve [your risk posture]. The bad guys are continuously evolving though, so we may have that data today, but you have to have a process to change. How do we keep track of that [new data], then add it to the risk analysis?

What sort of enhanced security technologies and practices are you working on now?

For us, the major push is around OneID. It’s really about understanding every piece of your infrastructure; that means people, places, and things. We’re working on capabilities and technologies to being able to authenticate every piece—the people to whom they connect and the things to which they connect.

How do you see technology evolving to better protect organizations against cyberattacks?

We’re going to see the next generation of the Internet that is no longer the public Wild West. It’s going to be a much more localized infrastructure. You’re going to add access for other organizations as you need them and trust them. You won’t have this global, “I can do anything from anywhere.” That model is not going to work going forward.One other area we have to deal with is that once we identify the bad people, we have to have a mechanism for punishing them or discouraging them from continuing to do what they do. In almost every case there’s a financial calculation. We have to make it more expensive to get to you than the value of what they’re going to steal.

Related:

Copyright © 2017 IDG Communications, Inc.