Are you Liberated or in Lockdown?

Barely a day goes by when you don’t read in the papers about some security breach or other. Did you hear about the one a few weeks ago where a fraudster hacked 272 million unique email addresses and passwords? In this instance, a security firm, Hold Security, persuaded him to hand the information over, which he did. Their founder Alex Holden summed it up when he said, “Eventually, almost everyone gets breached.”

And that’s what keeps CISOs up at night. That inevitability. Given that most organisations are unaware malicious breaches have occurred until 256 days later (Source: Ponemon Institute), it’s not surprising. When I was moderating a roundtable discussion recently on security, Jim Griffiths, Head of Information Security at Kier Group voiced what everyone else was thinking:

“Like many others we’re kind of secure
right up until the point we’re not.”

But what point is that? Wouldn’t that be nice to know…

So, it’s not if but when. But while you’re waiting for the inevitable, where do you position yourself on the spectrum of liberation vs lockdown.

As Kamini Patel, CISO at Centrica put it,

“One of the considerations is what is enough to satisfy
a) the board, b) the stakeholders, and c) making sure that we’ve got adequate controls in place without turning it into a Fort Knox where you can’t use the systems?
So there has to be a level of trust.”

You need trust if only not to slow things right down and kill off agility and hence business performance. The other issue is frankly, that if you don’t trust your users, or give them what they want they’ll just go around you and do it anyway. This sounds a little bit like being a parent dealing with a wayward child. Maybe it’s not that different.

Bruce Davie, CTO of Networking at VMware put it succinctly, suggesting

“You need to to view security and agility as flip sides of the same coin in that, yes we all want to be secure. We don’t want to be on the front page of the newspaper as the last big company that got hacked. But we have users who need to get their jobs done. And so we have to find ways of delivering security that don’t inhibit either agility.”

So, a system that is secure, agile, that satisfies the board / stakeholders and trusts users enough but not too much. Oh and that can detect the unknown unknowns. It’s a tough checklist. No wonder then that CIO and CISO turnover is high…

 

Arrange a Conversation 

Profile Picture
by Sasha Qadri

Sasha Qadri is an Editor and Presenter at MeetTheBoss TV

Browse

Article by channel:

Search

Everything you need to know about Digital Transformation

Read more articles tagged: Featured, Hacking

Cyber Security

Popular Now

The Case For Digital Transformation
An Executive Summary: Leading Digital by George Westerman, Didier Bonnet & Andrew McAfee
The Case For Digital Transformation
The Digital Transformation Pyramid: A Business-driven Approach for Corporate Initiatives
Strategy & Innovation
Target Operating Models & Roadmaps for Change
Delivery
Data Asset Management (DAM)
Strategy & Innovation
The Innovation Management Theory Evolution Map

Related Articles

People & Change
Functions in the new melded network HR model
Strategy & Innovation
Re-imagining Drive Thru restaurants – Innovation or not?
Customer Engagement
Industry 5.0 – Next Generation Customer Experience Redefined?
© Copyright The Digital Transformation People 2018