November 7, 2017

The ponytail vs the tie: who wins the security death match?

Maria Nordgren

VP, Sales, Security Services, Tieto

APT, DLP, IAM, UTM – these acronyms are meat and drink to those working with cybersecurity. However, they are not at all familiar to those who decide which security investments are made and how they are prioritized: the C-suite.

ICT continues to become increasingly pervasive. Business has discovered its potential for agile innovation, go-to-market and collaboration. As a result, business people have started to buy ICT wholesale. For example, cloud capacity is readily available for making everyday life easier.

Unfortunately, this has widened the traditional gap between the security department and business. Finding out they can buy cloud by the pound, business has torn itself loose from traditional constraints and is flying high with new applications and services.

Where does this leave the poor security people? In the worst case, the security department has no visibility into what business is doing in terms of IT. Suddenly, the ICT environment is no longer a city with lit streets; it is a jungle, where every man and woman is left to fend for themselves. Cybersecurity is as strong as its weakest link; even a coffee machine can be a security risk.

Today, technology is seen as an enabler, but security is seen as a hindrance. As illustrated in a VMware-sponsored study by EIU, security is seen to absorb too much management time, reduce efficiency and stifle collaboration and innovation.

Cybersecurity should be simple. Simple for the C-suite to understand and invest in, simple for IT to implement and manage, simple for end users to follow. For instance, if setting up a VPN connection is too troublesome, many resort to sending sensitive material in unprotected email, as done recently in the White House.

The security experts have the responsibility to make security an enabler. They need to demonstrate that it can be easy, cost-effective and proactive. This is the job of the CISO.

As the interpreter between business and cybersecurity, the CISO is a default member of the management team. The CISO is the person who needs to ensure that security permeates the entire organization, and is not merely a layer of veneer over ICT. 

The other side of the coin is that business needs to involve security early on in whatever the next project is, be it product development, setting up a DevOps network or a new collaboration tool. That way, security can be built into the whole architecture in parallel with business and other IT requirements. Ideally, every product development team has one security expert, or at least one security-savvy IT person, who can then include the security perspective in design.

Ponytails and ties have for a long time viewed each other with suspicion. However, there should be no death match between the two groups. They need to talk and listen to each other even more to come together to demonstrate that simplicity is possible in cybersecurity.

Do you want to know more about securing your business? Download our white paper about visible cyber security.
