Cybersecurity from Inside Out: How We Keep Customers Secure

For all the stories we see on the news about the breadth and depth of cybersecurity breaches — millions of users compromised, billions of security numbers, passwords and bank accounts stolen, ready to be weaponized at any moment — it can be underwhelming to learn that one of the biggest threats of all also may be the most prosaic: email spam.

That’s right. Those annoying emails, most harmlessly trying to sell you something or get you to visit a website also include the social engineering phishing attacks that allow hackers to get into systems, where they can burrow deeply, undetected, until they can wreak maximum havoc.

If you work for almost any size organization, no doubt you’ve clicked through your share of cybersecurity training videos, trying to ingrain into you enough skepticism of unfamiliar email requests that, rather than clicking, as most folks still do, you forward it to your company’s security team. You’d think by now we’d all know better.

October marks National Cybersecurity Awareness Month and email phishing remains the number one way attackers breach systems. For companies like Rackspace, the risk is two-fold: we must train our employees to be ever vigilant, for they protect not only our own data and assets, but that of tens of thousands of our global customers as well.

Security from the inside out

Internally, our focus is on strengthening and broadening our security foundation, which revolves around IT hygiene (patch management, configuration management and asset inventory). We are doing this in part by broadening our use of automation and analytics. By automating more of the day to day tasks, our cybersecurity analysts are freed up to do more valuable, proactive work; we’re also more thoroughly analyzing the mountains of data and intelligence we acquire each and every day.

That’s critical, because “daily events” are coming at us with even more frequency, events that must be assessed to determine what is a true “incident.” Both analytics and our proprietary automation tools help here, allowing us to integrate with all of the cloud control planes and supported cloud native tools to sift through the noise to determine where best to focus our attention.

Automation and analytics also help in another way: retaining talent. I have now served as Rackspace Chief Security Officer for three months, and what I have been most impressed with in that time is the quality of the talent of our security teams. Combined, our security experts hold more than 500 certifications, in cyber defense, digital forensics, incident response, pen testing and networking. I am honored to work with some of the best in the business; it’s my job to keep them motivated — and allowing them to do high value work is one way to do that.

The benefits of managed security services

Security is a top concern for our customers and by taking advantage of a managed security service provider, or MSSP, companies can access top, skilled talent. For example, Rackspace Managed Security offers a comprehensive portfolio of security and compliance offerings, for all major private and hyperscale public clouds — and we do it in a way that allows companies to use (and pay for) exactly the services they need, when they need them. We call them Service Blocks: discrete sets of capabilities that companies can choose from, depending on the security and compliance requirements of their business.

There are many, many companies today entering the managed security services market. According to Gartner, the total enterprise security market is roughly $115 billion, with managed security services accounting for more than 50 percent of this emerging market. Cloud security is a smaller piece of that, at $440 million annually, but with an eye-popping growth rate of 30 percent CAGR.

And it’s no wonder. The talent shortage is just one reason companies turn to managed security service providers. From limited security expertise, too many point solutions in an environment, compliance requirements and budget constraints, business leaders and their security counterpoints are all seeking expert partners.

Every major analyst firm now offers in-depth market and vendor reports on the MSSP landscape to help companies assess which company makes the most sense for its security needs; most recently, IDC released its 2019 MarketScape report, U.S. Emerging Managed Security Services 2019 Vendor Analysis, which places Rackspace in its “Major Player” category.

The report notes that “Rackspace has strengthened its position with managed security services and solutions that can be wrapped into its multi-cloud offerings for AWS, Azure, and Google. … Customer feedback stated that Rackspace goes above and beyond putting the customer first and tries to accommodate their needs and finishes projects before the scheduled completion time.”

We’re proud of our ability to meet customers wherever they are on their cybersecurity journey. But whether you choose Rackspace Managed Security or another MSSP, please never forget: do not click on that spam email.


Looking to enhance the security of your organization?

Get in touch with Rackspace Managed Security today.

Previous articleAhead of Tech at Retail Week 2019: Technology is Turning Retail More Human
Next articleCloud Excellence Award Win for Rackspace
Karen is the Chief Security Officer at Rackspace where she leads, develops and implements the Enterprise Cyber, Compliance and Physical Security strategies. Karen brings extensive knowledge and experience to the information security practice in developing strategic and innovative approaches to manage security risk. Most recently she served as Chief Information Security Officer (CISO) for International and PayFlex businesses at Aetna/CVS Health. Her role included the areas of Data Protection, Policy Management, Sales Support and Audit. She was responsible for developing, communicating and implementing strategies for the deployment of information security across the Enterprise. Prior to joining Aetna/CVS Health, Karen was Managing Director at Citigroup, where she built and led a global team to administer access across Citi’s global network and enterprise. Her responsibilities included developing and implementing transformation projects, addressing risk and regulatory commitments and implementing process re-engineering solutions to increase operational efficiencies, improve customer relationships and reduce overall costs, while maintaining a customer–centric approach. Karen has worked for Barclays, Wells Fargo, IBM and American Express. She has over 20 years focused in the practice of Information security. Along with her information security expertise, she has in depth working experience in technology, and operational re-engineering. She has led global, multicultural teams across the financial and technology services. Karen graduated from Arizona State University, with a Bachelor’s of Science in Political Science. She has been a senior member of Information Security Operating Committees. She is involved in Women and Security Technology forums. She resides in San Antonio, Texas with her husband and children.

LEAVE A REPLY

Please enter your comment!
Please enter your name here