Back to stories

Legacy Infrastructure and Cybersecurity: Menlo’s Discussion with Barclay’s

April 30, 2015

As cyber threats become more sophisticated, companies large and small are changing the way they think about securing their networks. During RSA, I moderated a panel with Nick Hammond, managing director of Infrastructure at Barclay’s, and Lane Bess of Palo Alto Networks and Zscaler. They focused the conversation specifically on how large legacy companies are thinking about implementing new technologies and responding to an ever-evolving threat landscape.

Mark Siegel, Nick Hammond, and Lane Bess

Below are a few highlights from the Barlcay’s perspective. We welcome you to watch the entire discussion for more insights from both the buyer and vendor side.

Barclay’s #1 Priority

There is a lot we know about our current infrastructure and our current threat vectors, but when you think you’ve got your arms around it, it changes. The biggest challenge we have is catching up and then limiting the surface area of attack. There are regulatory requirements we have as a bank to constantly survey the risk profile. What we do is use market intelligence to assess just how good our security is, where the vulnerabilities are, and then it’s a race to close down those gaps particularly about where our data is going to reside.

Moving to the Cloud

We no longer want to have massive amounts of infrastructure internally and just put a perimeter around it. We are moving significantly towards cloud models. When you do that, your procedure and your operating model changes. It’s a two-step process at the minute: understand where we are, what we’ve got, and then work out how that’s going to fit with our infrastructure strategy to move to the cloud.

Scope and Scale

What is the problem you’re looking to solve and who agrees they’ve got that problem? Is it the CSO? Is it the CIO? Who’s ultimately responsible? That’s pretty key. We’re making a lot of security investments at the moment. Who feels the pain? Who’s ultimately responsible for the problem? You’ve got to decipher that very quickly. Is an on-premise, hands-off model going to work? Can you scale with a support model that’s going to augment my operating procedures? How quickly can you get it in and get it everywhere? If it doesn’t scale, it’s not going to work.

Proving it Works for a Changing Climate

Companies are generally bad at proof of concept and pilots. Watch the metrics of success for any pilot. If you want to get yourself into the boardroom, have a security insight. It’s not just about penetration problems. If you have a security challenge, it will have an impact and ripple throughout the entire company. Operationally, the barriers are coming down. Challenges exist, but it’s going to happen faster and faster as we start using cloud services.