transforming the cso role to business enabler
Post on 17-Jul-2015
361 Views
Preview:
TRANSCRIPT
CEOs Focus
• Growth & market share
• Profit & the bottom line
• Operational efficiencies
• Business agility & competitive advantage
• Looking awesome on CNBC & being referenced on the front page of the WSJ
CSOs FocusProtecting the business while dealing with:
• Increasingly hostile threat environmento Financially motivated & well-organizedo Nation-state sponsoredo Advanced, sophisticated & targeted
• Rapidly evolving infrastructureo Data-center transformation (SDDC, private cloud)o Public / private cloud hybrido Mobile devices
• Dizzying array of exciting compliance initiatives
And…never being referenced on the front page of the WSJ!
Rapidly Evolving Infrastructure & Technology
IT enterprise architecture circa 2006
IT enterprise architecture circa today
IT enterprise architecture circa 2000
Too Often, The CSO Has Been Positioned as “Dr. No”
NO!
Can I use my own
smart phone to access
corp. resources?
Can we run our BU’s
workloads on AWS?
Can you approve
the use of this SaaS
application?
Tip #1: Commit to Change• Tell people that you’re committed
• Paint a vision for the future & develop a roadmap for change
• Engage the business units & understand their needs
• Rally the troops and continue to show progress towards reaching business objectives
Tip #2: Speak in the Language of the Business• Translate “security speak” to business value
• Stay away from the technical details
• Become a story teller; use simple language
• Relate what your team is doing to meet business objectives
• Preventing data loss/breaches can be investments in:
o Innovation
o Enhancing the bottom line
Tip #3: Embrace Shadow IT• Support the business drivers: speed, agility• Invest in technology that empowers business, but gives
visibility, protection across cloud infrastructure• Implement a security playbook; then publish it to the business:
o Policieso Procedureso Technology
Tip #4: Leverage Analytics
• Use data to make your case
• Present analytics in clear, simple language
• Agree on small set of KPIs to measure progress
Tip #5: Invest in Agile Security… • Agile security is…
o Portable (works anywhere)o Scalable (on-demand)o Automatedo Orchestratedo Service-orientedo Flexible, metered licensing
• A flexibly defined set of automated, orchestrated security controls that work anywhere, at any scale, on-demand
…That Addresses Six Critical Control Objectives
Immediate, consistent, continuous knowledge of what assets exist, where they reside, & what they’re doing.
Visibility Strong, layered controls enabling authorized access & denial of resources to unauthorized entities.
Strong Access Control
Continuous detection & elimination of issues that create exploitable points of weakness.
Vulnerability Management
Assurance that critical data is encrypted & used appropriately by authorized entities while in motion or at rest.
Data Protection
Capabilities that enable detection & response to malicious or accidental compromise of resources.
Compromise Management
Day-to-day management of technologies & processes that comprise security & compliance.
Operational Automation
Want to Learn More?
awilliams@cloudpassage.com
www.cloudpassage.com
top related