Any enterprise focused on security spends a great deal of time assessing its threat landscape, the full scope of cybersecurity threats (both potential and known) impacting it. But addressing those threats is a challenging prospect, thanks to a diverse, well-funded roster of malicious actors capable of wreaking havoc on a business.

“There are the actions of nation-state players, and well-funded, talented criminal groups, for which ransomware is a huge tool. They tend to want money, the theft of intellectual property, personally identifiable information or to grab trade secrets,” says Curtis Franklin, principal analyst, enterprise security management at Omdia.

For the chief information officer (CIO), tasked with supporting innovation and growth for the business through IT, this combination of ever-present threats and increasingly sophisticated architectures (including multiple cloud environments, distributed workforces, exploding use of software as a service applications and more) makes the job incredibly difficult.

“You have the speed of development in the modern enterprise. The desire to move fast and break things,” Franklin says. “Against that, you have the competing interest of being secure.”

That’s where, despite the availability of myriad technological tools and services designed either to enhance the capabilities of the enterprise or protect it, one of the most critical mechanisms for mitigating the push-pull Franklin describes is not based in technology at all. Instead, it’s a matter of human communication and collaboration, specifically between the CIO and chief information security officer (CISO), and the teams they oversee.

Redefining the Relationship Between CIOs and CISOs

Security experts like Franklin agree that the fundamentals of keeping the enterprise safe are not just technological, but cultural. Traditionally, part of the culture has been a relationship between the CIO and CISO that, if not adversarial, often lacked cooperation. Today, there’s a far greater recognition that the complexity of modern IT and application infrastructure means that security can’t simply be overlaid, it must be fully built in and integrated at every step.

“That has brought about a new age in terms of the relationship between CIOs and CISOs. CIOs are spending more time with CISOs, bringing them into conversations much earlier in the technology adoption strategy of the company,” says MK Palmore, director, office of the CISO, Google Cloud. “The more security practitioners have a say in the strategic build out of technology within companies, and the more those two entities can synergize their efforts, the better. That way, they can accomplish their goals of bringing in technology that allows the business to thrive, but doing it in a safe and secure manner.”

Just how critical this relationship is was brought home by a recent survey of CIOs, CISOs and chief technology officers conducted by WSJ Intelligence in partnership with NETSCOUT, which found that collaboration and cooperation between these teams was the top strategic priority among respondents, ahead of securing the company’s digital infrastructure.

Palmore points to the pandemic as a prime example of how the two officers must work together, as the technological needs and security challenges faced by virtually every company changed radically and rapidly.

“Enterprises had to immediately figure out how, from a technology standpoint, they could keep their workers engaged and capable of accomplishing what had to be accomplished,” he says. “Hopefully that wasn’t the first time the CIO was in the room with the CISO and had the need to collaborate.”

Bridging Gaps

Creating a dynamic inside the organization that merges the interests of IT with security requires both officers to shift their thinking, Franklin says. “Both groups need to speak a common language, and that should be the language of the business.

“The CISO must first and foremost be a business executive, able to speak the language of the business. If you talk about risk and security in terms of their impact on the business, it makes it very easy to pull in the same direction,” he says.