On Tuesday night, I was one of those people who attentively watched the State of the Union address. I would have watched no matter what because I always do, but this year, I was interested to hear if the president would mention cybersecurity in his speech. After all, the topic has been generating a lot of interest in Washington and that includes recommendations coming from the White House.
Well, the president didn't disappoint on this topic. While it didn't get the same thrust as other issues, President Obama did address the importance of cybersecurity legislation and the need to protect our network infrastructure from attack. Quoting from a Homeland Security Today article, the president stated:
To stay one step ahead of our adversaries, I've already sent this Congress legislation that will secure our country from the growing dangers of cyber-threats.
The article went on to add:
The president cast cybersecurity legislation as a necessity to protect American businesses from foreign adversaries, be they enemy states or individual malicious actors or terrorist networks.
I applaud the president for putting cybersecurity out there in his State of the Union address. I hope people will pay attention and take heed that cybersecurity is a growing concern and needs to be confronted on multiple levels. Legislation is a starting point.
I also appreciate that Josh Shaul, CTO of Application Security, decided to present a cybersecurity version of the State of the Union address, focusing on the security of databases. He titled his piece, "It Is Time to Evolve How We Protect Our Data." (Don't worry, it is much shorter than the president's speech, and only took me about two minutes to read.) His point, as I saw it, is that organizations are throwing money at trying to solve the security problem, yet we are still vulnerable to attacks. The recent rash of breaches shows that while we might be taking care of big-picture security, the small things, like simple encryption, are bypassed. Shaul wrote:
We must step back for just a moment and think like a hacker - when someone attacks your organization, they generally want to steal your data. With that simple thought in mind, it is time to evolve the way we protect our data, and start to focus our security efforts on the data storage and access points themselves, rather than on the network environment that the data lives in. For the vast percentage of sensitive information stored by enterprises, that storage and access point is the database.