
What are the top information security objectives for CISOs?

Bloggers delve into CISO information security objectives, Juniper's new product release and how self-sufficient networking teams should try to be in an area of increasing complexity.

Jon Oltsik, an analyst with Enterprise Strategy Group in Milford, Mass., is researching some of the top information security objectives for chief information security officers in 2018.

First and foremost, he wrote, CISOs are increasingly focusing on business risk, shifting from a bottom-up to a top-down perspective and broadening security controls to protect all technologies used by an enterprise. Information security objectives also increasingly include the cyber supply chain and vendor risk management, as well as the tactics, techniques and procedures used by potential adversaries.

According to Oltsik, in the past, information security objectives seldom embraced an understanding of malware and hackers as anything more than generic threats. Increasingly, CISOs want to gain insight into the unique threats posed by criminals who may now be based anywhere.

In addition to understanding threats, CISOs are focusing their attention on data security, as cloud computing, mobility and new regulations such as the General Data Protection Regulation make this area one of growing concern. CISOs want to know where sensitive data resides as it shuttles to and from private clouds. Oltsik also said that, alongside these other objectives, security awareness training -- a perennial activity -- is shifting from a check-box exercise to more meaningful education.

Explore more of Oltsik's research on CISO information security objectives. 

Juniper focuses on multi-cloud with new products

Drew Conry-Murray, writing in Packet Pushers, analyzed Juniper Networks' launch of a new slate of products centered on multi-cloud. Juniper is working to connect enterprise workloads across on-premises data centers and the public cloud. The new product lineup includes QFX leaf-spine switches for data centers, based on Broadcom chips and Juniper application-specific integrated circuits.

Additionally, the vendor is launching cloud-based management for SRX and EX Series switches and firewalls through its SaaS service, Sky Enterprise. The product helps with provisioning and deploying devices, making configuration changes and monitoring resource usage.

Along with the other elements of the new product line, Juniper integrated its SD-WAN system and the vSRX virtual security appliance. Customers are able to use templates for setting up virtual appliances.

According to Conry-Murray, the release comes as Juniper, VMware and Cisco see more and more customer workloads shifting into the cloud. To stay relevant, vendors are making products easier to operate and are persuading customers to use vendor-issued software and services geared to the public cloud.

Conry-Murray said Juniper's lineup joins other examples of products in this area, including Cisco SD-Access and DNA Center, as well as VMware overlay fabric, spanning from the data center to the branch and public cloud.

"For those in the enterprise IT trenches, these are interesting times. The legacy vendors are going to come calling with flowers, candy, and love poems that promise the moon," Conry-Murray said. "Enjoy the attention, but make sure you know exactly what you want out of a relationship before you commit to a suitor."

Read more of Conry-Murray's thoughts about Juniper's product release.

How self-sufficient should networks be?

Ivan Pepelnjak, writing in ipSpace, said pundits envision a future in which networks are as simple as driving a car. He gave the example of his first car, a "simple mechanical beast," for which he could fix 80% of problems.

By contrast, one of Pepelnjak's more recent cars -- like more complex modern networks -- was highly distributed, and only a seasoned mechanic could resolve its problems, which stemmed from a design flaw its designers had never anticipated. To achieve simpler networks, engineers have focused on systems such as QFabric, Application Centric Infrastructure, software-defined networking and intent-based networking. However, Pepelnjak said the law of leaky abstractions gets in the way.

If a network goes down, administrators may have to wait for the vendor to use its diagnostic tools, potentially causing serious challenges for the business. In Pepelnjak's view, it remains to be seen whether engineers will be able to reformat a network during an outage or rent a network, much as a motorist might rent a car while his or her primary vehicle is in the shop.

Pepelnjak said that, for some organizations, the cost of occasional downtime is less than that of having competent staff. These organizations, he said, must carefully consider the potential outcome of an outage when new technology breaks. His advice, echoing a contention made by Gartner: Organizations should plan to invest in premium staff instead of premium vendors.

Dig deeper into Pepelnjak's ideas about network self-sufficiency.
