Trouble from Within: The Security Risk Posed by Business Partners
(Fortune China) Translator: iDo98
To extend my earlier analogy: the mall is up and running, but the mall owner has no idea who is coming and going, what stores they visit or even how they enter and leave. As we've seen, that myopia within organizations allows so-called "APT" (advanced persistent threat) attacks to linger and fester.

As an investor, I am working with entrepreneurs and start-up firms, like BitSight Technologies, that recognize the urgent need for tools that can make sense of the data generated by enterprises and of the risk inherent in the complex web of business partners, contractors and suppliers that modern organizations rely on.

In the months and years ahead, these tools will allow enterprises to shift business from high-risk to lower-risk suppliers, shut down links between their own IT environment and that of a compromised business partner, and show the door to misbehaving contractors. To use a biblical analogy: predicting rain doesn't count for much. Building arks does.

Venky Ganesan is a partner with venture capital firm Menlo Ventures.