Exclusives

It is possible to have consistent security from the perimeter edge to the cloud, while simplifying operations and obtaining the data intelligence needed for artificial intelligence and machine learning to drive better user experiences, John Jacobs, field chief information security officer (CISO) at Fortinet, said at the Dec. 6 Content Protection Summit (CPS), during the session “How Evolving Workplaces Demand a New Approach.”

Jacobs discussed how a leading visual effects organization achieved clear business benefits by modernizing its approach to today’s work-from-everywhere workforce.

Noting that his current role is field CISO, he joked: “The CISO title really didn’t exist until about five or seven years ago when the CIO or the CTO said: “We’re going to get breached. I would like someone in between me and the crew to get fired instead of me. So that was the impetus.”

Discussing a specific customer, he said: “One challenge we often face is “customers don’t want to talk about what they do with security. Nobody does. One because it could make them a target or help people identify what it is that they do: If I use vendor A for the door locks on my building, well ultimately can someone go research [the] vendor [and] hack into what they do? And now I’m a target. It’s a real risk.”

As a result, he said: “We’re very cognizant about that: trying to abstract users and information about the organization. But if you look at this organization [in question], it’s a media and graphics company [that has] done well; they’re growing.” That company has offices around the globe and it’s going into a global economy where they’ve got people doing either pre- or post-production work. But they saw the number of workers just explode around the world from a remote worker perspective” a few years back.

Although it was a “few years back.,” they “knew that the hybrid workforce was the thing of the future and I think this is something that’s more accepted in some industries than” others, he said.

Content, meanwhile, was increasingly “being shared, distributed, sent across wide area networks [and] stored in public cloud,” he said, adding: “This idea of security at scale and at speed, scale is solved by public cloud , you could make arguments about the cost or the benefits and the risks, and they’re real.”

While the “scale factor is real,” he said it has “been solved, adding the company in question “took steps into security seven to 10 years ago and said, ‘well, we should have firewalls; we should have some sort of segmentation.’”

Summarizing his session and key themes, he said that if your company uses “multi-factor authentication,” that is “good; you’ve met the standards of yesterday.”

He added: “If you have the ability to revoke access, you’re 80 percent of the way there. Most companies don’t. If you’re hired and you’re placed into the group that says you’re given post-production rights and file access, you will probably have that in perpetuity even after you leave the company.”

Presented by Fortinet and produced by MESA, CDSA’s Content Protection Summit is sponsored by Convergent Risks, Richey May Technology Solutions, GeoComply, Signiant, Verimatrix, Shift Media, EIDR and EZDRM.