Cybersecurity lacks depth, must hurdle current shortcomings, says AT&T veteran Amoroso


While the sophistication and speed of cyberattacks have continued to rise, industry experts say the security industry’s processes lack depth, reflecting a clear disconnect between growing threats and available prevention methods.

Dr. Ed Amoroso, CEO of TAG Cyber and former CSO at AT&T, said during a recent conference call with Cowen and Company analysts that the industry has major shortcomings today, and that chief information security officers (CISOs) “need to shift to virtualized and cloud solutions.”

He added that “processes and technology must improve, but noted that humans are—and always will be—a weak link.”

RELATED: CenturyLink’s Post: Cybersecurity is ‘not just a job, it’s an obligation’

One way to help strengthen cybersecurity is to develop an approach that puts the cloud and SDN at the center. Specifically, the approach would use multiple cloud security and distributing workloads across a distributed grid, allowing users to move secure workloads between clouds as they see fit.

By having SDN serve as the backbone for the distributed cloud model, Amoroso said it will be more challenging for hackers to get access to cause damage. As part of this model, cloud providers will integrate pure play security into their solution plans.

Interestingly, not all companies are fans of cloud-based security.

On one hand, startup companies and small to medium-sized businesses (SMBs) are willing to use cloud-based security. Alternatively, large enterprises and government agencies have yet to embrace it even though they understand the danger of the new threats and the importance of virtualizing and distributing risk.

Amoroso said there are four common reasons why enterprises and government agencies have not adopted a cloud-based approach: embedded security appliance investments and a traditional perimeter security model; concerns over putting sensitive data in the cloud; compliance regulations; and overcoming traditional thought processes set by their boards of directors.

While large enterprises and government agencies aren’t likely to change their tune in the near-term, Amoroso said he “fully expects these barriers to fall over time.”