John Bordwine, chief technology officer, Symantec Public Sector organization
What you’re seeing with the latest rash of cyber security incidents is a point we’ve been trying to emphasize for some time now: With regards to protecting information, the emphasis should be on securing the information and not the devices or the infrastructure. In addition, more folks are starting to use devices of their own choice to do their job, whether they may or may not be sanctioned by an agency’s IT department. When you throw in growing use of the cloud and how folks are taking advantage of social networking groups and social media communication for work purposes, it makes focusing on the device even more obsolete. As such, in my opinion, you’re going to see IT departments become more responsible for managing information, and also developing new policies and practices around the expanding infrastructure. It used to be when you needed a new computer, IT would set it up for you and deliver it to you, and if you had any problems, you called them. Nowadays, some folks may be using devices that the IT guys don’t even have. Thus, you’re going to see them focus more on information – who’s accessing it, are they really are who they say they are, should they be authorized to access that information, is that information being used or exported in an authorized manner to authorized places, has it been backed up, has it been stored, have compliance and governance considerations been taken into account. As today’s cyber threats continue to become more targeted and arise from different directions, it’s important for IT departments and their managers and executives to remember: Focus on the information, not just the device.