via Government Computer News
Robert Carey, the Defense Department’s deputy CIO, recently summed up the state of cybersecurity: “It’s the information, stupid.”
The introduction of increasingly powerful mobile devices and adoption of cloud technology have made the enterprise perimeter — already blurry –even less distinct, and that’s forcing organizations to focus on protecting information more than infrastructure.
“It creates a dilemma for us,” said Carey, who participated with other government officials in a panel discussion on cybersecurity hosted by FedScoop. Agencies are pressing ahead with the adoption of cloud computing “albeit with caution.” New technologies, such as Internet-enabled handheld devices, are being adopted because of their convenience. Yet “security is the antithesis of convenience,” Carey said, and users will need to accept some restrictions on their access to information.
Rapid innovation forces administrators to adapt quickly with new technology and policies for IT security. But the changes also create opportunities, said retired Rear Adm. Betsy Hight, now vice president of Hewlett-Packard’s cybersecurity practice. Hight said the network no longer is the primary target for attacks. Seventy percent of attacks now target applications, and that is a shift in the threat landscape that has not been adequately dealt with.