The CISO’s New Role in Making Modern IT Work

Cybersecurity — once relegated as an after-thought to the IT department — has emerged as a key concern of the board and C-Suite, thanks to the changing nature of work and productivity. The modern business is focused on allowing users to access the data they need from any device and any location. They want to free users to work the way they are most productive, when they are most productive. And that can’t happen without proper security.

Ironically, the requirement for modern cybersecurity is why many organizations are slow to implement these innovative, new business practices. Too many IT professionals believe opening up their workplace increases their attack surface area, making it easier for malicious actors to get in. While their suspicions might be valid, it doesn’t have to be this way. In fact, when executed properly, embracing modern business innovations, such as cloud and mobility, can actually help decrease your exposure to risk.

IT professionals can do a number of things to ensure that security isn’t overlooked as new IT practices are implemented. The role of the Chief Information Security Officer (CISO) is also an important piece of the modern IT organization, ensuring the organization’s approach is aligned with IT by staying ahead of the game. This includes reducing the amount of data to be collected, considering the evolving security perimeter, focusing on protecting data rather than devices, and reducing the size of the organization’s application portfolio.

Re-consider the perimeter

Investments in perimeter security, such as firewalls, are not as effective as they once were. While protecting the perimeter should always be a component of the organization’s security, no network is impenetrable. In fact, our old idea of the perimeter is no longer valid; with mobile, cloud and other innovations, your edge of attack is constantly changing and growing, and is harder to define. (This is why we are starting to say that “identity is the new perimeter,” because the people accessing your data are doing so from beyond the firewall, anywhere, anytime. More on that below.) The best response is to adopt an “assume breach” model. Organizations need to act as if a breach has already occurred, and put their energies into detecting, remediating and preventing future breaches.

Protect data, not devices

In the modern IT world, employees access data from anywhere and work outside the office just as effectively as in it. As a result, the most effective approach is to protect the data itself, not just the devices used to access it. If data is encrypted, at rest and in transit, your odds of breach are reduced. Blocking employees or their devices from accessing certain sites is the old way of doing business. Employees can and will find ways around those types of limitations. Instead of trying to protect every device, focus your attention on protecting critical data. Leverage encryption and other tools to protect data at rest and in motion. This allows data to be fluid and flexible, especially when combined with a modern identity and access management strategy that limits access to information to those who need it.

Reduce the application portfolio

On average, each organization manages more than 3,000 apps, and each app creates the risk of security gaps, often around data privacy. It’s very rare that any organization really needs 3,000 apps to effectively run its business. Not only do all these apps lead to employee confusion (different user names, passwords and processes for each), but they also expose an organization to complexity and more risk. To counter this, you must start with a solid understanding of the purpose and function of each application. While you will never be able to achieve a one-size-fits-all application, pick the ones whose purpose and function best match the needs of the organization and eliminate the rest. Reducing the number of apps also reduces operating costs, which provides real financial gain. Just as with data, less is more.

Modern IT enables new styles of work that make a business effective without compromising data security, which can also save money and time. These practices are a good first step to ensuring secure, modern IT.

