Last Thursday, over 100 people gathered at Symantec’s Mountain View Headquarters for the documentary screening of CODEGIRL, a film that follows teams of girls from all around the world as they compete to win $10,000 to complete and release their mobile app. Directed by award-winning filmmaker, Lesley Chilcott, whose films include An Inconvenient Truth and Waiting for Superman, this film’s backdrop is the Technovation Challenge– an international mobile app competition for girls in middle and high school that tasks them to solve an issue in their community by creating an app. The concept of the Technovation Challenge is to empower girls within technology and entrepreneurship. The film takes you from rural Moldova to urban Brazil and to the suburbs of Massachusetts as the girls find mentors, learn to code, and develop their business plan.

Women are immensely underrepresented in technology and entrepreneurship. Between 10 – 20% of tech-related jobs at technology companies are held by women and only one-third of entrepreneurs are female. And in the mobile app market, which is expected to be valued at $77 Billion by 2017, less than 20% of these developers are female. The Technovation Challenge aims to help change that. Dr. Anuranjita Tewary, founder of the Technovation Challenge, was first exposed to entrepreneurship at Startup Weekend in 2009 and was inspired to create a program for girls centered on technology and entrepreneurship. “Entrepreneurship is so amazing; if I had been exposed to it as a high school student I might have viewed my life differently,” said Tewary when remembering back to the inspiring experience at Startup Weekend. Since 2010, nearly 5,000 girls from 60 countries have submitted to Technovation.

The screening of CODEGIRL at the Symantec Headquarters was an event to be remembered! After the showing of the film, one of the featured teams in the documentary, the Puppy Sized Elephants, two girls based out of Cupertino, California did a Q&A about their experience with the Technovation Challenge. They shared how they learned to code from free online platforms and described the process of making their app, My Cash Count. The event was as inspiring as the documentary and we hope that others are motivated to pursue or encourage girls in tech!

Watch the OFFICIAL TRAILER of CODEGIRL.

Advanced threats are all too real. They can cause monstrous damage and are notoriously difficult to defend against. However, there are ways to close the gaps in your defenses and protect your organization against dangerous advanced cyber-attacks.

To deal with 1 million new malware variants a day, you need to arm yourself with reputation analysis and behavior monitoring technologies. Why? While malware mutates, its behavior doesn’t change as easy as its static indicators. By capturing malicious behavior, we can effectively stop malware attacks. However, the biggest issue with behavior based security technology is false-positives. That’s when reputation analysis comes in. It mitigates false-positives by analyzing key file attributes and the users’ internet hygiene.

Symantec Endpoint Protection utilizes both reputation-based analysis (Symantec™ Insight) and real-time behavioral monitoring technology (SONAR™) that applies machine-learning heuristics to detect and block unknown malware without increasing false-positives. To learn more about the unique technologies that detect unknown polymorphic threats, targeted attacks, and zero-day vulnerabilities, download the solution overview.

シマンテックの秘伝のソース。それは、優れた才能に恵まれ、革新的なテクノロジーを手に入れた人々による単純なレシピから生まれます。それが、Cyber Security Services 事業の核になっています。セキュリティインテリジェンスから監視サービス、インシデントレスポンス、セキュリティ意識や作戦企画まで、エンドツーエンドで統合される機能に重点が置かれているので、お客様はセキュリティ上有利です。また、攻撃者に対する備えも向上し、セキュリティ応用の専門知識とサイバー脅威との間に存在するギャップを埋めてくれます。

こうした機能を提供しているのが、シマンテックのセキュリティオペレーションセンター（SOC）です。資格認定を受けた 500 人以上のセキュリティプロフェッショナルがサイバーサービスの組織を構成し、お客様の組織の延長として、最前線でセキュリティ情報をお届けしています。2012 年には、世界 5 番目の SOC を東京に開設しました。2014 年には、シドニーの SOC を 2 倍の規模に拡張しました。現在は、筆者の管轄でシンガポールに 6 番目の SOC を設立しようとしているところです。現在の戦略拠点は米国、英国、日本、インド、オーストラリアに置かれていますが、シンガポールに最新の SOC が開設されれば、グローバルなサイバーセキュリティセンターを全世界で展開するシマンテックのリーダーシップがさらに強化されます。

お客様の組織の延長として、シマンテックはお客様の保護態勢を補強し、脅威が発生した時点で、ときにはその前に 24 時間 365 日の態勢で対応するという重大な使命を担っています。この使命に即して、シマンテックは 2020 年という未来の SOC を定義し、構築・運営することに全力を注いでいます。未来を見通すこの洞察とビジョンこそ、シマンテックが戦略を決定する際の基盤であり、セキュリティ業界でも特に変化の速い、「サイバーノウハウ・アズ・ア・サービス」とも言うべき分野をリードする原動力です。

今日の世界を少しでも安全にするために、そして新しい明日の世界を築くために、日夜研鑽するチームに所属していることを光栄に思います。

【参考訳】

先日「Certification Magazine」が行った 2015 年度 IT 給与調査で、シマンテックの認定資格は、特に有利な IT 資格のひとつと評価されました。

同サイトによると、「2019 年までに、世界中で 150 万人分の IT セキュリティ職が不足すると予測されて」います。

「認定資格には、二重のメリットがある。まず、向上心の高いセキュリティのプロフェッショナルにとっては、短期間で総合的なトレーニングとなる。次に、適切なスキルと知識をもつ適切な人材であれば十分な待遇で迎えたいと考える採用担当者にとっては、安心材料になる」

認定資格の世界でシマンテックが独特なのは、競合する他の認定制度がベンダー中立で、特定の製品に限定しない企業のものであり、IT セキュリティのトレーニングと資格認定に特化しているということです。シマンテック固有の認定資格がこれほど有利なのは、なぜでしょうか。それは、セキュリティに関する理論上の概念を理解するだけでは足らないからです。今日の複雑なネットワーク、データ、システムを保護するには、日々の現実的な闘いに求められる専門知識と製品知識まで理解することが欠かせないということを、IT のプロであれば知っています。「シマンテック認定資格」ブランドは、世界最大の IT サイバーセキュリティ企業の資格として認知されています。システムと情報の安全性を保護する方法を知っているという資格があれば、給与面でも有利になるということです。

シマンテック認定資格について詳しくは、http://www.symantec.com/ja/jp/products-solutions/training/certification/をご覧ください。

【参考訳】

Are you waiting for a compelling reason to switch to Symantec Altiris IT Management Suite or Client Management Suite?

One of the best wins for us was ‘Compliance’.  The way to set rules within the CMS tool that let it know when policies applied to computers are required or not depending on whether the computer is in a state of compliance.

For example: the other day we started rolling out Internet Explorer 11 to a subset of our estate.  The detection rule for compliance checking we used was:
Is this reg value data:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\svcVersion

… set to:

Version >= 11.0.0.0  (greater than or equal to).

This compliance rule means that even if any future version of IE is installed, then providing it updates that registry value, the computer will remain compliant.

Once we are sure the policy to deliver IE 11 is never required, we will be disabling it though.  Good compliancy detection rules can’t completely make up for poor housekeeping!

Here is a screenshot from the Symantec Management Console for ITMS.  This partial view shows our policy compliance position for a bunch of our policies.

The policy in this list means it’s on, green means computer received policy and is compliant.  Red means policy received and not yet compliant, and the grey line part means the computer is yet to check in and receive the policy.  And as a bonus when you click on the green, red or grey part of the compliance indicator, then an ad-hoc filter is created with the list of computer names & IPs in a right-hand window pane.

Compliance:  an excellent reason to look at Managed Software Delivery using ITMS / CMS.

Welcome to the November edition of the Symantec Intelligence report. Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks.

The proportion of email traffic containing malware was up in November, where one in 140 emails contained malware. Public Administration was the most targeted sector in November, with one in every 85.6 emails containing malware. Organizations with 251-500 employees were most likely to be targeted by malicious email in the month of November, where one in 93.7 emails was malicious.

Interestingly, there were 19.4 million new pieces of malware created in November. This rate has steadily declined in the second half of 2015, from a high of 57.6 million seen in June. While such a decline could point to a reduction in malicious activity, it could also mean that attackers are having a higher success rate in compromising computers, thus not needing to produce as much malware to achieve their goals.

The overall email spam rate in November was also up at 54.1 percent, an increase of 0.6 percentage points from October. At 57 percent, the Mining sector again had the highest spam rate during November.

In terms of targeted attacks in general, the Finance, Insurance, & Real Estate sector was the most targeted sector during November, comprising 41 percent of all targeted attacks. Large enterprises were the target of 49.9 percent of these spear-phishing attacks.

We hope you enjoy the November Symantec Intelligence Report. You can download your copy here.

As we face up to the cyber challenges that will plague enterprises in the future – many of those challenges as yet not even dreamt of – one thing is certain: attackers will continue to escalate their activities on several fronts, launching ever more complex multi-phased/vector assaults. As we start to build advanced analytics platforms to help us counter our business challenges, these very platforms themselves will become the target.

It’s a worrying prospect. Only stop and think what the impact might be when we see fully autonomous platforms that control the sale of stocks and shares come under fire. In the days ahead, we will also see attacks against emerging digital payment systems, as well as IoT device and system cyber manipulation. We must also expect to see cyber-attacks against drone technology and the stepping up of social engineering attacks.

Yet there is still widespread failure for organisations to put in place the proper defences to even combat the threats they face today. No matter how many high-profile attacks are reported – Ashley Madison, TalkTalk, Anthem, CarPhone Warehouse, VTech, JD Wetherspoon – the breaches just keep on coming.

The reality is that businesses can no longer continue to operate a security model that has been decaying for the past 15 years: namely by simply locking down their outside perimeters and hoping not to be breached. As we enter 2016 and beyond, we have to be able to deliver security across any platform – even platforms we may not yet even be aware of. We need to envisage a new wave of next-generation security operation centres (SOCs) or cyber defence centres that are completely driven by machine learning and data analytics.

These next generation systems aren’t mature today. But these are the tools that will allow us to see all of the user behaviour of any individual, in any environment, using predictive classification algorithms, which rapidly enable the identification of anyone using falsified credentials to gain access and perpetrate an attack. The future is all about organisations looking at malware across an entire estate, homing in on factors such as increased system memory usage, identifying very early on where their systems have been infected. What we are talking about is behavioural, neural-based analysis, driven by global telemetry – and that will be a critical factor in the years ahead when it comes to detection and protection.

By 2020 we’re probably going to have billions of connected devices, wearables included. That is when we will need to have algorithms that can leverage not only machine learning, but also really understand how humans operate. What we are talking about is redefining the whole security landscape.

As many organisations grapple to understand why the substantial investments they have made in security solutions are failing to keep them safe, they have invested, or considered investing, in their own cyber-trained people as the answer. Yet mostly this has proved cost prohibitive – even if they were able to find sufficient numbers of skilled people to fulfil that role in the first place.

How, then, is cyber to evolve to meet the security needs of these enterprises in the days ahead? An outsourced, automated approach – with a small retained core team of cyber security professionals – is gaining ever greater traction. At Symantec, we are aligning our roadmap and strategies to provide a Unified Security Analytics Platform Strategy that leverages our unparalleled threat telemetry with next generation machine learning and big data analytics to solve uses cases for threat monitoring, incident response risk assessment & advanced threat protection. These next generation analytics and algorithms will provide the heavy analytics that work ceaselessly to detect attacks as they happen and deliver constant protection.

The tools and technology that once kept businesses safe no longer work. Enterprises that hang on doggedly to such ‘solutions’, or simply throw more hardware at the problem, are likely to suffer heavily at the hands of today’s attackers who are unrecognisable from those that sought to infiltrate their organisations in the past. Unless these businesses are prepared to arm themselves with the technology and expertise that will neutralise such onslaughts, the consequences may well prove to be little short of calamitous.

In a recent webinar I talked about the Future Threat Landscape, how technology will evolve and what it means for cyber security. You can listen to the recording here. I’d love to hear your thoughts. Leave a comment below or connect with me on Twitter and LinkedIn.

Arellia 8.1 is Here

Arellia 8.1 Solutions are built on the standalone Arellia Management Server and can integrate with Symantec Management Platform (Altiris) and Microsoft System Center Configuration Manager (SCCM).

Customers can use Arellia 8.1 solutions to control domain and local user privileges, whitelist approved software, blacklist known or unknown applications, and control all aspects of an application’s privileges.

Arellia 8.1 Privilege Essentials bundle combines the Arellia Application Control Solution and Local Security Solution.

Some of New Features of Arellia 8.1

Application Reputation and Intelligence – Arellia integrates into reputation engines like VirusTotal  and Kaspersky to check the reputation of an application before installing or executing the application.

Integrate into Security Operations Center – Arellia has the ability to send applications alerts from potentially bad applications and disclosure of privileged accounts into the Security Information and Event Management solutions like Splunk and ArcSight to help the security team quickly identify possible Advanced Persistent Threats.

Application Sandboxing– a process in a Job is limited with its ability to interact with other processes, as well as some specific types of interactions with the operation system, such as Shutting down the system

Application Firewall – we have introduced fire-walling based on Application Classifications. i.e. It is possible to limit all (or just allow some) network access for certain classes of applications.

Mobile Application Approval, Reputation and Alert App– get application elevation requests directly on your mobile phone with Arellia Mobile App.  The Arellia mobile app allows you to see application approval requests, check the reputation and approve or deny the application

Mobile Password Disclosure Alerts– Get password disclosure alerts directly on your phone with the Arellia Mobile App

Enhanced Mitigation Toolkit Support (EMET) – strengthen internet facing applications against vulnerabilities in software from being successfully exploited

Enhanced task scheduling – Logon/off, System Start, Session State Change or Windows Event

New AES Encryption Provider

To learn more about Arellia 8.1 Click Here:

Protecting your company online begins with ensuring your employees are prepared to assist in keeping your computers and networks safe.

Information security is a process that moves through phases building and strengthening itself along the way. Security is a journey not a destination. Although the Information Security process has many strategies and activities, we can group them all into three distinct phases - prevention, detection, and response.

The ultimate goal of the information security process is to protect three unique attributes of information. They are:

• Confidentiality – Information should only be seen by those persons authorized to see it. Information could be confidential because it is proprietary information that is created and owned by the organization or it may be customers’ personal information that must be kept confidential due to legal responsibilities.
• Integrity – Information must not be corrupted, degraded, or modified. Measures must be taken to insulate information from accidental and deliberate change.
• Availability – Information must be kept available to authorized persons when they need it.

Attacks compromise systems in a number of ways that affect one if not all of these attributes. An attack on confidentiality would be unauthorized disclosure of information. An attack on integrity would be the destruction or corruption of information and an attack on availability would be a disruption or denial of services.

Information security protects these attributes by:

• Protecting confidentiality
• Ensuring integrity
• Maintaining availability

An organization succeeds in protecting these attributes by proper planning. Proper planning before an incident will greatly reduce the risks of an attack and greatly increase the capabilities of a timely and effective detection and response if an attack occurs.

The best security technology in the world can't help you unless employees understand their roles and responsibilities in safeguarding sensitive data and protecting company resources. This will involve putting practices and policies in place that promote security and training employees to be able to identify and avoid risks.

A firm’s security strategy will only work if employees are properly trained on it. Therefore, the importance of providing information security awareness training cannot be understated. The goal of an awareness program is not merely to educate employees on potential security threats and what they can do to prevent them. A larger goal should be to change the culture of your organization to focus on the importance of security and get buy-in from end users to serve as an added layer of defense against security threats.

Once you have buy-in from employees, your focus can turn to ensuring they get the necessary information they need to secure your business. An effective security awareness program should include education on specific threat types, including but not limited to:

• Malware
• Trojans
• Viruses
• Social engineering
• Phishing

Another important area to address is the importance of password construction and security. Seems minor? It’s not. Believe it or not, password cracking is remarkably easy, particularly for advanced hackers. And this ‘minor’ step that users take every day could make a significant difference in protecting your firm’s sensitive information.

Talk to Your Employees About

• Keeping a clean machine: Your company should have clear rules for what employees can install and keep on their work computers. Make sure they understand and abide by these rules. Unknown outside programs can open security vulnerabilities in your network.
• Following good password practices: Making passwords long and strong, with a mix of uppercase and lowercase letters, numbers and symbols, along with changing them routinely and keeping them private are the easiest and most effective steps your employees can take to protect your data.
• When in doubt, throw it out: Employees should know not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source. Employees should also be instructed about your company's spam filters and how to use them to prevent unwanted, harmful email.
• Backing up their work: Whether you set your employees' computers to backup automatically or ask that they do it themselves, employees should be instructed on their role in protecting their work.
• Staying watchful and speaking up: Your employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer.

Information Security Awareness Program

A good Information Security Awareness Program highlights the importance of information security and introduces the Information Security Policies and Procedures in a simple yet effective way so that employees are able to understand the policies and are aware of the procedures.

Listed below are some of the methods used to communicate the importance of Information Security Policies and Procedures to the employees.

1. Information Classification, Handling and Disposal

All information must be labeled according to how sensitive it is and who is the target audience. Information must be labeled as “Secret”, “Confidential”, “Internal Use Only” or “Public”. Documents that are labeled “Secret” or “Confidential” must be locked away at the end of the workday. Electronic information (Secret or Confidential) should be encrypted or password protected. When the information is no longer required, documents should be shredded while files should be electronically shredded.

2. System Access

No sharing of UserID and password is allowed and staff are made aware of their responsibility on safeguarding their user account and password. Staff are also provided with some useful Password Tips on how to select a good password.

3. Virus

All computers must have anti virus software installed and it is the responsibility of all staff to scan their computer regularly. All software and incoming files should be scanned and staff are advised to scan new data files and software before they are opened or executed. Staff are educated on the importance of scanning and how a virus can crash a hard drive and bring down the office network.

4. Backup

Staff are advised that they are responsible for their own personal computer backup and they should backup at least once a week.

5. Software Licenses

Software piracy is against the law and staff are advised not to install any software without a proper license.

6. Internet Use

Staff are advised that Internet use is monitored. Staff should not visit inappropriate websites such as hacker sites, pornographic sites and gambling sites. No software or hacker tools should be downloaded as well.

7. Email Use

Staff should not use the email system for the following reasons

• Chain letters
• Non company sponsored charitable solicitations
• Political campaign materials
• Religious work, harassment
• And any other non-business use.

Staff are allowed to use the email for personal use but within reason.

8. Physical security of notebooks

All notebooks should be secured after business hours in a cabinet, in a docking station or with a cable lock.

9. Internal Network Protection

All workstations should have a password protected screen saver to prevent unauthorized access into the network. For those using, Windows 7, they should lock their workstation. To prevent staff from downloading screen savers from the Internet, you can restrict the screen savers to the default ones which come with Windows 7.

10. Release of Information to Third Parties

Confidential information should not be released to third parties unless there is a need to know and a Non Disclosure Agreement has been signed. It is the responsibility of all staff to safeguard the company’s information.

Training materials should also review corporate policies and clearly detail consequences for any suspicious or malicious behavior amongst employees. For your convenience, we’ve compiled a variety of information on various security policies, including:

• Acceptable Use
• Social Media
• Bring Your Own Device
• Security Incident Management

Dos and Don’ts

A Dos and Don’ts checklist is given to all new staff upon joining company. As it may be sometime before they attend the actual security training, the checklist would be a good and easy way for them to learn about what they should and should not do. The information in the checklist is listed below.

Don’ts

• Do not share your password with anyone including staff
• Do not write your password on any paper, whiteboard or post it pad
• Do not use easy to remember words as passwords e.g. Aug2001
• Do not use personal information or any word in any language spelled forwards or backwards in any dictionary
• Do not visit inappropriate web sites e.g. pornographic or hacker web sites
• Do not download unlawful or unlicensed software from the Internet
• Do not install unlicensed software onto your computer

Dos

• Do change your password regularly for every system.
• Do use a combination of letters, symbols and number for passwords
• Do use difficult passwords which are at least 6 characters long
• Do enable your Screen Saver Password or lock your workstation
• Do scan your computer regularly for viruses and any diskettes as well before you use them on your computer
• Do check that your virus software patches have been updated when you receive the regular update emails from Desktop Support
• Do backup your data at least once a week. It is your responsibility to do so.
• Do lock away all confidential documents, files and diskettes at the end of each work day

Training Your Employees

Training employees is a critical element of security. They need to understand the value of protecting customer and colleague information and their role in keeping it safe. They also need a basic grounding in other risks and how to make good judgments online.

Most importantly, they need to know the policies and practices you expect them to follow in the workplace regarding Internet safety.

Thanks to all who attended our webcast, "Best Kept Secrets of IT Management Suite" on Wednesday, December 9!

And, extra special thanks to our esteemed customer panel!

• Ian Atkin
• Jeanne Hoffman
• Jason Iloff

To download or play the Webcast recording, click here.

Links shared during the Webcast:

• go.symantec.com/altiris76
• White Paper: What’s New in IT Management Suite 7.6
• 7.6 QuickstartMigration Guides
• 7.6 Upgrade Paths
• 7.6 Installation / Upgrade Guide
• 7.6 Documentation
• 7.6 Upgrade Lessons Learned by Jason Iloff

Finally, I will post the Q & A transcript below (will have it by Monday, check back).

Environment: Solaris 5.8 Sunfire V1280. VRTSvxvm VERSION:  3.5,REV=06.21.2002.23.14  (yes, I know. very very old)

Server has encapsulated root/root mirror disks.  Somehow critical files were removed or permissions changed so that the server boots, but nobody can login "No shell" is the reply.  Also during boot other "missing directory" messages pop up.

I am booted from CDROM in single user mode, and want a procedure to get into the root filesystem; then I will explore what is missing and attempt to restore it, and then try to boot and login again.   Also, because we were locked out, we did a reset-all on the system and now some of the filesytems want fsck, but it cannot be done from the boot sequence because we get "No shell" when trying to get into single user mode.  I suspect the fsck will be the first thing we need to do.

The issue I need help with is determining how to do that, considering that the root disk is encapsulated. It would likely be the same procedure as if you were trying to recover the root password manually; one disk is now different from the other one.   How do you get them all working, assuming that the changes to root disk were effective?

Prompt reply is appreciated, this production server is in the middle of a change window and we are running out of time.

「大切なのは敏捷性であり、問われるのはビジネスにとっての価値を実際に短時間で提供できるかどうかです」、CIO の役割の変化について、シマンテックの CIO Sheila Jordan は、サイバーセキュリティのエキスパート Morgan Wright 氏にこう語りました。

先日撮影されたこの動画（英語）で Jordan は、今日の CIO に求められる役割の推移、テクノロジに対する従業員の期待の変化、移動中のデータの保護、そしてテクノロジをめぐる 5 大トレンドの収束について Wright 氏と考察を交わしています。

これは、「Technology Trends and News from Symantec CIO Sheila Jordan（シマンテック CIO Sheila Jordan が送るテクノロジのトレンドとニュース）」と題してお届けしているインタビュー動画シリーズの第 2 弾です。

企業と従業員の期待にいち早く対応

これまでは、CIO の仕事といえば技術的なものでしたが、現在ではそれも大きく変わりつつあります。CIO は、コスト効果だけを考えるのではなく、会社に価値と成長をもたらさねばなりません。

大規模でモノリシックな、時間ばかりかかるアプリケーションを IT が配備する時代は終わった、と Jordan は言います。今日の企業が IT チームに求めるのは、敏捷性と順応性であり、迅速に価値を実現することです。

CIO は、テクノロジに関する従業員の期待に十二分に応えるために、その敏捷性を維持する必要があります。従業員はスマートフォンユーザーでもあり、利用するテクノロジについての期待が高くなっていると Jordan は指摘します。たとえば、1 日に 20 個ものアプリをダウンロードしたり、1 回のタップでスマートフォンをアップグレードしたりが当たり前にできるものと思っています。

「ですから、職場でも同じような操作性を当然のように求めてくるのです」、と Jordan。

クラウドで実現されるモバイル環境を利用する従業員が増えてくると、CIO は日常的なテクノロジに対する従業員の期待に応えつつ、しかも移動中のデータを保護する必要に迫られます。しかも、そのデータは従来のようにオンプレミス環境に限定されていません。今日、データは常に動いているからです。

インフラストラクチャ全体でデータを保護

これまで（それどころか今でも）、セキュリティ企業から提供されるのはほとんどがポイントソリューションでした。つまり、アーキテクチャの「1 つ」の階層で「1 つ」のことに対応するソリューションです。たとえば、ネットワーク層に対応するポイントソリューション、エンドポイント向けのポイントソリューションという状態です。しかし、ポイントソリューション製品を配備しているだけでは、「空白地帯」が生じ、そのギャップはつながることも保護されることもありません。しかも、こうした個別的なアプローチによって複雑さが増し、断片化が生まれることもあります。

産業界には統合ソリューションが必要だ、と Jordan は説明します。たとえば、間もなく登場する Symantec Unified Security プラットフォームはその一例で、保護の必要な「空白地帯」を埋めつつ、インフラストラクチャのあらゆる階層を保護します。

今やデータはさまざまなインフラストラクチャ層を行き来しており、全体論的なアプローチを戦略的に採用する必要があります。このような前提に立ってシマンテックが提供するのが、各層を行き来するデータを保護する統一的なアプローチです。

5 つの主要領域が収束へ

ご存じのように、インタラクティブな環境はたえず変化しており、流動的です。しかし、いくつかの主要領域は収束の方向に向かい、CIO と IT チームにはそれがまたとないチャンスになるだろうと Jordan は予測しています。完全版の動画で Jordan は、変化が劇的なのは以下の 5 つの領域だと定義しています。

• モバイル
• クラウド
• 非構造化データと構造化データ
• ID 管理と保護
• モノのインターネット（IoT）

Jordan の解説によると、これら 5 つの領域の収束に伴って、各領域間を移動するデータの管理が重要になってきます。たとえば、クラウドとモバイルの間のデータ、モバイルと IoT の間でやりとりされるデータ、クラウド間のデータなどをそれぞれ保護することです。

これらは、企業にとって既知の領域です。今後、新たなプラットフォームや環境が出てこないと誰に断言できるでしょうか。CIO は敏捷性と順応性を保ち続けなければなりませんが、どこにあろうと、どう移動しようとデータを保護することに集中しなければなりません。

Jordan はこう述べています。「セキュリティすなわちデータの問題というのが現実です。データは激しく動いており、その情報を保護することが、CIO にとっては決定的に重要です」

「Technology Trends and News from Symantec CIO Sheila Jordan（シマンテック CIO Sheila Jordan が送るテクノロジのトレンドとニュース）」と題してお届けしている動画シリーズを、今後もお楽しみに。

その他の情報の参照先:

動画: IT Data Challenges and Opportunities: Technology Trends and News from Symantec CIO Sheila Jordan（IT にとってのデータの課題と可能性: シマンテック CIO Sheila Jordan が送るテクノロジのトレンドとニュース）（英語）

レポート: 2015 Symantec Internet Security Threat Report Vol 20（2015 年発行、シマンテック『インターネットセキュリティ脅威レポート第 20 号』）

ホワイトペーパー: Securing Your Enterprise in the Cloud（クラウドにおける企業の保護）（英語）

【参考訳】