INSUBCONTINENT EXCLUSIVE:
Today’s modern CIOs face a set of expectations, opportunities, and challenges that have grown tremendously over the last decade
This fundamentally revolves around one question “How can IT provide value for the business” In conjunction with emerging technologies
are the challenges of managing people, process and compliance
Wrapped around all of this is the concept of security
What “security” means for an organisation has changed dramatically over the last several years.Historically, security was viewed as an
Companies had a firewall, anti-virus software, and maybe an IPS (Intrusion Prevention System)
Things have changed tremendously since then
The role of the CSO (Chief Security Officer) or CISO (Chief Information Security Officer) has been created specifically to tackle these
This role was responsible for protecting the organisation from the ever-increasing cyber threats and/or data breaches.In addition to the
many other responsibilities of CIOs, they also need to be part CSO
In the same way the CIO is responsible for their budget to the CFO, they must also learn and embrace mature security postures
While the CSO and security team are the experts in emerging threats, CIOs must now structure a general degree of awareness and competence
across the organisation.The threats businesses face today are unique in that they are fluid and ever-changing
Every week there is a new story of a data breach or compromise, and we know what is publicly disclosed is just the tip of the iceberg.Every
business vertical has data that would be financially damaging if made public
Whether this is intellectual property for chemical manufacturing, to patient person information in healthcare, to client financial
information in banking, to stolen credit card information in retail, security has become a board room conversation because of how it impacts
the bottom line.Enforcing the basicsModern CIOs have an important role in ensuring the private business data remains private
This happens in conjunction with the CSO/CISO and audit/compliance
Too many of today’s compromises happen opportunistically because basics are not enforced.Ensure systems are patched in a timely manner
Too much malware exists for known and patched exploits.Proper identity management, no shared accounts, use good passwords.Ensure firewalls
are truly least privilege
Don’t have Windows systems with RDP open from the Internet and lock down outgoing connections.Encrypt all endpoints, its free, use it
Too many data breaches have come from lost hard drives or devices.While these seem like fundamentals, they can go a long way towards
improving your organisation’s security posture.The next level is generally driven more from the security team’s guidance, but requires a
significant amount of operational support and integration
This is where things get much more interesting strictly from a technologist perspective.How do we deploy IPS (Intrusion Prevention System),
WAF (Web Application Firewall), and other layer 7 type security in a way that is effectiveHow do I do this in a world where most traffic is
encryptedHow do we put in place a SIEM (Security Information and Event Management) solution that will aggregate logs from every point of
technology and be able to run real time threat intelligence and machine learning on this dataHow do I enable two-factor authentications on
every piece of my environmentI must assume that I am either already breached, or will be in the future
How do I lower my mean time to detection of a breachIf a malware was sending out stolen data hidden in DNS queries, would I knowThe
First, while technology exists to solve all the problems above, it also comes with a significant price tag
Second, if you have the resources to procure this technology, the operational human time to both deploy and manage all this technology can
be overwhelming.Today’s modern CIO have a plethora of new challenges to face around security, while still advancing business capabilities
Modern agile development cycles in conjunction with best of breed security
CIOs can make a big impact driving and enforcing security basics around patching, good firewall management, and training. Today’s
security expectations require a strong relationship between CSOs and CIOs
In many cases, a professional service provider adds a significant amount of value in an organisation’s ability to deploy and get value
from new technology that is continuously developed and released.In summary, focus on the basics and do not be afraid to leverage experts for
utilising emerging technologies.Sean Donaldson is CTO at Secure-24
He has a strong technological background from over 15 years of developing world-class infrastructure solutions and critical application
management. 6UhETd6TccBHWrJmEQSdwk.jpg#
