Welcome!

SDN Journal Authors: Elizabeth White, Johnnie Konstantas, Cloud Best Practices Network, Sarah Patrick, Ramesh Ganapathy

Related Topics: Cloud Security, Java IoT, Microservices Expo, Linux Containers, @CloudExpo, SDN Journal

Cloud Security: Article

Selling Security

Enterprises can no longer afford to see their CISOs confined to the dark recesses of the IT department

The threats facing network operators all over the world, spanning service providers, enterprises, cloud and hosting providers and mobile operators alike, are by no means stalling. While optimism is always the name of the game, we know all too well in security that trying to keep pace with the slew of attack vectors out there today is an unfortunate reality. As our 9th annual Worldwide Infrastructure Security Report reveals the magnitude of attacks is on the upswing once again and coupled with increasingly complex, multi-vector style attacks, the threat is all too real.

Winning the battle against those threats depends on many factors: the expertise of the security organization; response plans and resources; and the ability to put those plans into action. Increasingly, part of the challenge for Chief Information Security Officers (CISOs) is in getting the right support from their senior management. That's not necessarily a new hurdle for CISOs to overcome. Management buy-in has always been vital for dealing with IT security threats. But with threats becoming more complex, the priority for CISOs is ensuring that they have sufficient resources to deal effectively with those issues.

Executive and board-level awareness of these threats is already pronounced: recent research found that senior executives and risk managers within American and Canadian enterprises today are more concerned about losing money through cyber threats than they are through property damage or investments or securities failing.[1] This growing board-level awareness as to the severity of IT-based attacks means CISOs have an opportunity to champion their own role as a risk manager and defender of the business. By showing leadership and engaging proactively with other heads of department, CISOs can show how their expertise adds a ‘return on prevention' value to the business.

However, when it comes to getting their voices heard, many CISOs face an uphill struggle from day one - everything from IT being seen as ‘just' the cost of doing business and not an asset, to board members with vastly different priorities (i.e., those who would rather wait for their house to be on fire to call the fire department versus taking preemptive action upfront). If CISOs are to deliver an understandable call to action and gain the credibility to push their strategic plans, they need to deploy a range of tactics to make their voices heard including:

  • Discuss security risks in a way that resonates with management: Expecting the management/executive team or board to learn the information security professional's vocabulary can be unrealistic. Instead, the CISO must communicate threats in a way that the leadership team understands. This language barrier doesn't need to be a hindrance though; approached in the right way, it can actually be an excellent way for CISOs to showcase how their role fits within the overall corporate risk management strategy.
  • Translate prevented costs to realized goals: The substantial increase in botnet code modification and botnet node recruitment may be crucial in the understanding of how attacks are developing, but bring these terms up in a conversation with a CFO and you're likely to see their eyes glaze over faster than you can say Distributed Denial of Service (DDoS). The primary message a CISO needs to get across is the threat that attacks of any kind pose in terms of lost revenue, reduced productivity and damage to the business brand.
  • Anchor the threat in your own organization: Engage with the CFO and COO to obtain financial figures relating to the cost of your operations and the amount of money generated through online services and a workforce reliant on a fully functioning IT network. Armed with these figures, CISOs can offer a realistic estimate of the negative financial impact of a level-one cyber attack where key IT services might be adversely affected. In an age where many institutions have built strong revenue streams and enhanced customer loyalty through online and mobile services, it also provides an opportunity for CISOs to demonstrate the crucial role they can play in preserving business operations.

These days, no enterprise risk assessment and business plan is complete without taking into account the operational risk represented by cyber security attacks intended to have a negative effect on the availability of key online services. Enterprises can no longer afford to see their CISOs confined to the dark recesses of the IT department because as DDoS attacks and other cyber threats have become increasingly high-tech and more complex, enterprises need a technologist with a seat at the table.

But with greater responsibility comes the challenge of gaining and maintaining credibility within the C-suite. And it is only by conveying this threat in a language the business understands - by demonstrating the potential outcomes using examples familiar to other business heads - that the CISO will be able to get the buy-in they need to do their job properly. This is the challenge and the opportunity - the opportunity for the CISO to get the recognition they deserve and the backing to deal with the ever-growing threat faced by organizations today.

Resource:

  1. Execs Say Cyber-Attacks a Top Threat: AIG Survey-CNBC News-6 February 2013

More Stories By Rakesh Shah

Rakesh Shah is Director, Product and Strategy Marketing of Arbor Networks. He has been with the company since 2001, helping to take Arbor's products from early stage to category-leading solutions. Before moving into the technical marketing team, Rakesh was the Director of Product Management for Arbor's Peakflow products, and he was also a manager in the engineering group. Previously, Rakesh held various engineering and technical roles at Lucent Technologies and CGI/AMS. He holds a M.Eng. from Cornell University and a BS from University of Illinois at Urbana-Champaign both in Electrical and Computer Engineering.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
Let’s face it, embracing new storage technologies, capabilities and upgrading to new hardware often adds complexity and increases costs. In his session at 18th Cloud Expo, Seth Oxenhorn, Vice President of Business Development & Alliances at FalconStor, will discuss how a truly heterogeneous software-defined storage approach can add value to legacy platforms and heterogeneous environments. The result reduces complexity, significantly lowers cost, and provides IT organizations with improved effi...
Data-as-a-Service is the complete package for the transformation of raw data into meaningful data assets and the delivery of those data assets. In her session at 18th Cloud Expo, Lakshmi Randall, an industry expert, analyst and strategist, will address: What is DaaS (Data-as-a-Service)? Challenges addressed by DaaS Vendors that are enabling DaaS Architecture options for DaaS
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
It's easy to assume that your app will run on a fast and reliable network. The reality for your app's users, though, is often a slow, unreliable network with spotty coverage. What happens when the network doesn't work, or when the device is in airplane mode? You get unhappy, frustrated users. An offline-first app is an app that works, without error, when there is no network connection.
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, will provide an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data profes...
Father business cycles and digital consumers are forcing enterprises to respond faster to customer needs and competitive demands. Successful integration of DevOps and Agile development will be key for business success in today’s digital economy. In his session at DevOps Summit, Pradeep Prabhu, Co-Founder & CEO of Cloudmunch, covered the critical practices that enterprises should consider to seamlessly integrate Agile and DevOps processes, barriers to implementing this in the enterprise, and pr...
SYS-CON Events announced today that Men & Mice, the leading global provider of DNS, DHCP and IP address management overlay solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. The Men & Mice Suite overlay solution is already known for its powerful application in heterogeneous operating environments, enabling enterprises to scale without fuss. Building on a solid range of diverse platform support,...
Advances in technology and ubiquitous connectivity have made the utilization of a dispersed workforce more common. Whether that remote team is located across the street or country, management styles/ approaches will have to be adjusted to accommodate this new dynamic. In his session at 17th Cloud Expo, Sagi Brody, Chief Technology Officer at Webair Internet Development Inc., focused on the challenges of managing remote teams, providing real-world examples that demonstrate what works and what do...
As enterprises work to take advantage of Big Data technologies, they frequently become distracted by product-level decisions. In most new Big Data builds this approach is completely counter-productive: it presupposes tools that may not be a fit for development teams, forces IT to take on the burden of evaluating and maintaining unfamiliar technology, and represents a major up-front expense. In his session at @BigDataExpo at @ThingsExpo, Andrew Warfield, CTO and Co-Founder of Coho Data, will dis...
With the proliferation of both SQL and NoSQL databases, organizations can now target specific fit-for-purpose database tools for their different application needs regarding scalability, ease of use, ACID support, etc. Platform as a Service offerings make this even easier now, enabling developers to roll out their own database infrastructure in minutes with minimal management overhead. However, this same amount of flexibility also comes with the challenges of picking the right tool, on the right ...
In most cases, it is convenient to have some human interaction with a web (micro-)service, no matter how small it is. A traditional approach would be to create an HTTP interface, where user requests will be dispatched and HTML/CSS pages must be served. This approach is indeed very traditional for a web site, but not really convenient for a web service, which is not intended to be good looking, 24x7 up and running and UX-optimized. Instead, talking to a web service in a chat-bot mode would be muc...
More and more companies are looking to microservices as an architectural pattern for breaking apart applications into more manageable pieces so that agile teams can deliver new features quicker and more effectively. What this pattern has done more than anything to date is spark organizational transformations, setting the foundation for future application development. In practice, however, there are a number of considerations to make that go beyond simply “build, ship, and run,” which changes ho...
Fortunately, meaningful and tangible business cases for IoT are plentiful in a broad array of industries and vertical markets. These range from simple warranty cost reduction for capital intensive assets, to minimizing downtime for vital business tools, to creating feedback loops improving product design, to improving and enhancing enterprise customer experiences. All of these business cases, which will be briefly explored in this session, hinge on cost effectively extracting relevant data from ...
SYS-CON Events announced today that iDevices®, the preeminent brand in the connected home industry, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. iDevices, the preeminent brand in the connected home industry, has a growing line of HomeKit-enabled products available at the largest retailers worldwide. Through the “Designed with iDevices” co-development program and its custom-built IoT Cloud Infrastruc...
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies adopt disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advanced analytics, and DevO...
With an estimated 50 billion devices connected to the Internet by 2020, several industries will begin to expand their capabilities for retaining end point data at the edge to better utilize the range of data types and sheer volume of M2M data generated by the Internet of Things. In his session at @ThingsExpo, Don DeLoach, CEO and President of Infobright, will discuss the infrastructures businesses will need to implement to handle this explosion of data by providing specific use cases for filte...
SYS-CON Events announced today that VAI, a leading ERP software provider, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. VAI (Vormittag Associates, Inc.) is a leading independent mid-market ERP software developer renowned for its flexible solutions and ability to automate critical business functions for the distribution, manufacturing, specialty retail and service sectors. An IBM Premier Business Part...
SYS-CON Events announced today that Catchpoint Systems, Inc., a provider of innovative web and infrastructure monitoring solutions, has been named “Silver Sponsor” of SYS-CON's DevOps Summit at 18th Cloud Expo New York, which will take place June 7-9, 2016, at the Javits Center in New York City, NY. Catchpoint is a leading Digital Performance Analytics company that provides unparalleled insight into customer-critical services to help consistently deliver an amazing customer experience. Designed...
SYS-CON Events announced today that Alert Logic, Inc., the leading provider of Security-as-a-Service solutions for the cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Alert Logic, Inc., provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Ful...
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 ad...