The recent spate of data breaches at major U.S. organizations has raised questions about how effective current security tools and approaches are when it comes to dealing with emerging threats.
Private and public enterprises have spent tens of billions of dollars to bolster security over the past decade, yet malicious attackers consistently succeed in evading whatever roadblocks are thrown their way.
The trend has led many organizations to embrace a back-to-basics approach focused equally on people, processes and technology. Rather than viewing the security function as a bothersome cost of doing business, a growing number of organizations see it as a strategic enabler of new initiatives.
"Security and product development are not mutually exclusive," says Ron Green, MasterCard's chief information security officer. "We don't look at security as being a siloed responsibility."
Instead, MasterCard's security specialists are embedded with teams focused on identifying business innovations, in units such as MasterCard Labs, Emerging Payments and Enterprise Security Solutions, Green says. The focus is on managing products for the long term and using security to enhance the cardholder experience.
"Our executive team has the expectation that we build security into everything we do as a standard practice," says Green. And while that practice may add time to the project schedule, it's worth the trouble. "[Security] is table stakes for customers now, and you're expected to deliver," he says.
IT leaders say five key measures are needed at a strategic level to bolster security. The manner in which these measures are implemented might vary at a tactical and operational level. But the key, users and experts say, is to focus on the high-level goals.
To continue reading this article register now