January 03, 2013, 3:02 PM — In some shape or form, data protection is top of mind for most CIOs these days. It's no surprise that many CIOs list bring-your-own-device (BYOD)/mobile and cloud computing among the top things that keep them awake at night. Mobile and cloud erase the traditional security perimeter behind which organizations have hoarded their data in the past.
To attack this issue from both sides-to improve the efficient use of data within the organization while also improving data protection-one information security and privacy expert says organizations need to take a cue from the government sector, particularly the U.S. Department of Defense (DoD).
"The cyber risk is an asymmetric threat," says Andrew Serwin, CEO and executive director of The Lares Institute, a think tank focused on technology, privacy and information governance. He is also the founding chair of the Privacy, Security, and Information Management Practice and a partner of Foley & Lardner LLP and advisor to the Naval Post Graduate School's Center for Asymmetric Warfare advisory team. "What that really means is there are organized actors who try to use information against us and create an information imbalance. They find the weak link and attack."
These days that weak link may not even be within your organization. For instance, maybe one of your suppliers doesn't follow the same security protocols you do. An attacker could penetrate that supplier's defenses and from there move up the chain into your network.
Information Superiority Allows You to Optimize Risk
"This is not a technology problem," Serwin says. "It's an information problem. What I have been advocating to deal with that is a doctrine that started at DoD, which is Information Superiority. At DoD, they want to have command and control of the information domain. In the private sector, that means you want to make superior use of information within the company to reduce cyber risk, increase profit, reduce costs and protect against brand damage."
According to the DoD, Information Superiority is "a relative state achieved when a competitive advantage is derived from the ability to exploit an 'Information Advantage'," and as "the ability to develop and use information while denying an adversary the same capability."