February 9, 2016

CEO, three reasons why security must be led proactively, not reactively

Markus Melin

Head of Tieto Security Services, Tieto

In security, it has been traditionally thought that no news is good news.

In other words, if you hear no notifications from your organization’s security infrastructure, you can trust that security is intact and everything is running smoothly.

Today, that kind of approach is simply not enough. Security must be managed in a proactive way. There are three reasons why.

The first reason is rather technical. Many security breaches are based on so-called zero-day vulnerabilities, i.e. vulnerabilities that are not publicly known when the bad guys exploit them and thus cannot be pre-emptively defended against. An illustrative example is the US health insurance company Premera Blue Cross. It was the target of a cyber attack that exposed massive amounts of medical and financial information. But the really worrying aspect was that when the company detected the breach in January 2015, cyber criminals may have had access to the systems for over six months without being detected.

The second reason is business accountability. Even if you know that security is in good shape, others may not know it. Increasingly, those others are your customers, business partners or regulators. In an era of digital business, organizations must be prepared for auditing at any time. And as pointed out in an earlier blog post, failing to do so may result in pretty heavy financial penalties from the regulating agencies.

The third reason is that the security landscape is increasingly complex. Snapshot reports usually don’t tell the truth - e.g. inbound network traffic may look just fine on its own, but when combined with outbound network traffic, it may show something worrying. Equally troublesome are so-called false positives, i.e. erroneous warnings when everything is going just fine.

What you need is a holistic view of security. It’s really like weather forecasting: with just one or two data points, estimates are not going to be very accurate.

Business intelligence transformed corporate reporting - we do the same for security

So more headaches for the CEO, it seems. While more technical personnel take care of the nuts and bolts, it is the CEO who is ultimately responsible for leading it all.

Our model of managed security services aims to ease the pain.

The security infrastructure may consist of a combination of in-house, Tieto, and third-party components and technologies. The essential thing is a transparent, holistic view of security. This is the real-time survival tool for tackling the three above-mentioned challenges that shape the present-day security landscape. In an increasingly complex environment, security as a service is a natural evolution compared to doing everything in-house.

With our managed security services model, it’s possible to transform security in the same way that business intelligence has altered financial reporting: less focus on things that have already happened and more drive on predictive power and insights into what’s going to happen next.

For more detailed information please see our white paper.
