In my last blog I talked about the key technologies breaking down our doors in 2013. The four key areas were Cloud Computing, Social Media, Big Data and Mobile Devices. None of these should have come as a surprise to anyone in the industry today. These are all topics that are discussed and debated around tables of security teams in most enterprises. So, what can we do today to ensure we are prepared for these challenges and how do we start reinforcing our doors so that we allow these new technologies but have greater control and visibility and provide transparency for the user?
There are three gaps that will help with this reinforcement. Addressing these gaps will require organizations to act now!
- Security teams have always been seen as business inhibitors and it’s fair to say that this view has been changing. But as organization embraces the new technologies in 2013 they will have to up their skills quickly not only in understanding the security implications of these technologies but more importantly the impact on the overall business. The security team must work with the business to understand the risk and develop protection strategies to mitigate them to an acceptable level. 2013 is the year that information security migrates from being IT-focused to a business-focused problem. The success of security teams will be measured on their ability to enable business which will ultimately require tying security programs to business outcomes.
- The security industry has lobbied the C-level suite in recent years to elevate the security message and to an extent this campaign has been successful with most CISO’s meeting regularly with the board. This has also been driven by more stringent regulatory requirements. However, it seems the gap is lower down the chain. Middle management seems to be measured on deadlines, revenues or timeframes for delivery and therefore is reluctant to spend any time or resources on security, and typically this doesn’t fit into their objectives. Security teams will have to build relationships with these middle managers to help them understand the value of security. This is not going to be easy…
- The supply chain in most organizations has been transformed in recent years. We need to focus on each element of the chain. Last year PC’s that were manufactured in China were found to be shipping with malware pre-installed, exposing flaws in the global supply chain. It’s not only hardware but software and applications have moved on dramatically with the ability for a user to download an app in seconds on his mobile device and use it to access corporate resources. So, it’s time to re-visit the entire supply chain and identify the gaps.
Look out for my next blog on Action Plans for each of the four disruptive technologies.