Digital Edition

SYS-CON.TV
The CIO’s Critical Shift: This Might Hurt
I’m simply talking about security here

Talk of so-called "sea change developments" and "paradigm shifts" has long been rife among the IT media and the web's wider technology commentary channels.

Right now we're all talking about cloud, mobile empowerment (let's not forget the Bring Your Own Device tagline here) and virtualized computing resources as we re-align many of the mechanics that drive our collective IT resources. But does all this talk of "new compute models" leave us at risk of forgetting other large-scale departmental changes, which still have to be brought to bear by the CIO?

I'm simply talking about security here.

The CIO is now also being joined by a CISO (Chief Information Security Officer), although in many cases this turns out to be one and the same person. The CIO's security remit now must encompass absolutely all of the people, processes and technology that impact the day-to-day running of the business and this is no small matter.

What needs protection?

Well, if you want a shopping list of assets that need protecting, it's not just applications and the data that resides within them - it's also financial monetary assets, data pertaining to customers, the Intellectual Property and "business goodwill" that exists inside the firm and the overall brand and image that is presented to the market.

But risk averse CIOs come in different shapes and sizes.

On the one hand there is the more passive "protect and respond" type who will read the news and the threat reports and act as best they can to remediate security breaches and take action against new dangers as they crop up.

Then there is the more progressive "serve and protect" type who sees it as his or her responsibility to shake up the boardroom into action and champion the cause of breach preparedness and total security maturity across the business.

While perhaps too many CIOs (and CISOs) will find themselves falling into the former more passive category due to budget constraints and day-to-day management responsibilities, there is a very real need for CIOs to make the "critical shift" to the latter of our two character types and take on a role that assertively embraces holistic risk management from every user endpoint to every server switch.

It's wake up time.

As information security now becomes a regularly tabled boardroom topic of discussion, we are almost seeing a new role for the CISO to step into the shoes already worn by the CFO in the seventies (when the accountancy function came forward to play a senior role in the boardroom) and the CIO in the eighties and nineties (when the "IT guy" started to appear at the Annual General Meeting in jeans and talk about employee connectivity) - it's a potentially painful "critical shift"... but it absolutely has to happen.

In a white paper report released last year, HP suggested that enterprise organizations have been under security attacks for the past decade, but the security events in 2011 have created a ripple effect that will be felt for years to come and will actually start to shift the way enterprise organizations view security.

According to the 2011 top cyber security risks report, "The year 2011 saw a significant increase in activity from hacktivist groups Anonymous and Lulz Security (LulzSec). The motivation for these groups' organized, systematic attacks on businesses or individuals - retaliation for perceived wrongdoing - brings new visibility to a security threat that has been looming for years and highlights a new era of security risk that must be addressed."

Prioritize protection policies and processes.

The threats are very real, but we also know that simply unplugging the business from the Internet is not a viable security option. As we now look to minimizing risk to the most critical assets of the business without interrupting or impeding business operations we will need to prioritize our protection policies and processes.

There are critical shifts afoot; this might hurt - a bit!

This post was first published on the Enterprise CIO Forum.

About Adrian Bridgwater
Adrian Bridgwater is a freelance journalist and corporate content creation specialist focusing on cross platform software application development as well as all related aspects software engineering, project management and technology as a whole.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1



ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

Today, we have more data to manage than ever. We also have better algorithms that help us access our...
Andi Mann, Chief Technology Advocate at Splunk, is an accomplished digital business executive with e...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: D...
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held Novemb...
DXWorldEXPO LLC announced today that ICOHOLDER named "Media Sponsor" of Miami Blockchain Event by Fi...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22...
SYS-CON Events announced today that IoT Global Network has been named “Media Sponsor” of SYS-CON's @...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitori...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news an...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018,...
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing w...
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear...
"We host and fully manage cloud data services, whether we store, the data, move the data, or run ana...
DXWorldEXPO LLC announced today that Telecom Reseller has been named "Media Sponsor" of CloudEXPO | ...
Enterprises are striving to become digital businesses for differentiated innovation and customer-cen...
Enterprise architects are increasingly adopting multi-cloud strategies as they seek to utilize exist...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As au...
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical ...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use ...
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud,...