Intel: CIOs should view risks more broadly

Summary:Enabling social communication is a good way to contain risks in enterprises, Intel's chief security information officer says, adding that threats should be proactively addressed, not shunned.

SINGAPORE--Enabling of social media with the right policies in enterprise settings can be more than advantageous, said Intel's chief security information officer, Malcolm Harkins.

Speaking to ZDNet Asia here Friday, the executive explained that in today's widely-connected world, people will be bringing more of their conversations to the Internet, and blocking social channels of communication will in fact cause problems and risks to be "magnified".

Traditional companies that have blocked social communication internally, the IT veteran noted, are slowly opening to the idea of having internal "chats", after witnessing the successful implementation of social media on marketing fronts, where they have been able to capture new markets and customers.

"What [Intel] found from employee chats, be [they] positive or negative, is that you can get a lot of input that way," noted Harkins. "You can get feedback from even a HR perspective, which may allow you to identify changes in the environment earlier."

Harkins pointed to Intel's internal practice of having "blogging ambassadors", where staff members moderate internal blogs to ensure staff discussions are kept within ethical boundaries. With the arrangement, communication channels are enabled and yet risks are identified quickly, he added.

"From what I see, [social media is] pretty powerful because it does improve behavior and has sort of a crowd effect, helping people shape directions and get feedback," said Harkins.

Similarly, companies are also grappling with the consumerization of IT, he noted. With the increasing adoption of personal devices for work, Harkins said by allowing staff to use aptops for both personal and work matters, "people tend to take better care", as a result fewer devices are lost, which translated to a lowered risk of data loss.

"Employers don't want staff's personal devices accessing their network--it could be more of a traditional view from some security professionals," he noted. "I tend to look at it and think how I can enable [personal device use], as I think it will allow for more personal accountability, which will reduce the company's risk."

Harkins added that as threats are always evolving, instead of blocking and shunning risks, his strategy is to "run toward the risk" and proactively address the problem.

Embedded chip security adds to defense-in-depth
In response to chip security and its flexibility, Harkins said it is an "additional layer" of protection that the chipmaker is creating, following its acquisition of McAfee.

"We are taking the depth of defense to another level," he pointed out.

"You're always going to have evolving threats and vulnerabilities from different vectors, to be honest that's not going to be any one control [that is effective enough], so the chip just plays into additional control in the perimeter."

With the trend moving toward intrusion prevention and endpoint security, the IT executive believes that the ways to counter threats and risks will always be "a journey", and the next step is "going to that additional layer and across devices".

The Intel-McAfee acquisition was completed on Feb. 28, and according to Harkins both companies will be announcing collaboration and product offerings in the coming weeks, something they could not share about prior to the finalization of the deal.

Harkin said that he sees "value" in the acquisition, and added the upcoming developments are "security capabilities that a consumer would want to see".

Topics: Hardware, Browser, CXO, Mobility, Processors, Security, SMBs, Social Enterprise, Tablets, Telcos

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.