Welcome!

SDN Journal Authors: Yeshim Deniz, Pat Romanski, Elizabeth White, Liz McMillan, TJ Randall

Related Topics: Cloud Security, Java IoT, Microservices Expo, Linux Containers, @CloudExpo, SDN Journal

Cloud Security: Article

Selling Security

Enterprises can no longer afford to see their CISOs confined to the dark recesses of the IT department

The threats facing network operators all over the world, spanning service providers, enterprises, cloud and hosting providers and mobile operators alike, are by no means stalling. While optimism is always the name of the game, we know all too well in security that trying to keep pace with the slew of attack vectors out there today is an unfortunate reality. As our 9th annual Worldwide Infrastructure Security Report reveals the magnitude of attacks is on the upswing once again and coupled with increasingly complex, multi-vector style attacks, the threat is all too real.

Winning the battle against those threats depends on many factors: the expertise of the security organization; response plans and resources; and the ability to put those plans into action. Increasingly, part of the challenge for Chief Information Security Officers (CISOs) is in getting the right support from their senior management. That's not necessarily a new hurdle for CISOs to overcome. Management buy-in has always been vital for dealing with IT security threats. But with threats becoming more complex, the priority for CISOs is ensuring that they have sufficient resources to deal effectively with those issues.

Executive and board-level awareness of these threats is already pronounced: recent research found that senior executives and risk managers within American and Canadian enterprises today are more concerned about losing money through cyber threats than they are through property damage or investments or securities failing.[1] This growing board-level awareness as to the severity of IT-based attacks means CISOs have an opportunity to champion their own role as a risk manager and defender of the business. By showing leadership and engaging proactively with other heads of department, CISOs can show how their expertise adds a ‘return on prevention' value to the business.

However, when it comes to getting their voices heard, many CISOs face an uphill struggle from day one - everything from IT being seen as ‘just' the cost of doing business and not an asset, to board members with vastly different priorities (i.e., those who would rather wait for their house to be on fire to call the fire department versus taking preemptive action upfront). If CISOs are to deliver an understandable call to action and gain the credibility to push their strategic plans, they need to deploy a range of tactics to make their voices heard including:

  • Discuss security risks in a way that resonates with management: Expecting the management/executive team or board to learn the information security professional's vocabulary can be unrealistic. Instead, the CISO must communicate threats in a way that the leadership team understands. This language barrier doesn't need to be a hindrance though; approached in the right way, it can actually be an excellent way for CISOs to showcase how their role fits within the overall corporate risk management strategy.
  • Translate prevented costs to realized goals: The substantial increase in botnet code modification and botnet node recruitment may be crucial in the understanding of how attacks are developing, but bring these terms up in a conversation with a CFO and you're likely to see their eyes glaze over faster than you can say Distributed Denial of Service (DDoS). The primary message a CISO needs to get across is the threat that attacks of any kind pose in terms of lost revenue, reduced productivity and damage to the business brand.
  • Anchor the threat in your own organization: Engage with the CFO and COO to obtain financial figures relating to the cost of your operations and the amount of money generated through online services and a workforce reliant on a fully functioning IT network. Armed with these figures, CISOs can offer a realistic estimate of the negative financial impact of a level-one cyber attack where key IT services might be adversely affected. In an age where many institutions have built strong revenue streams and enhanced customer loyalty through online and mobile services, it also provides an opportunity for CISOs to demonstrate the crucial role they can play in preserving business operations.

These days, no enterprise risk assessment and business plan is complete without taking into account the operational risk represented by cyber security attacks intended to have a negative effect on the availability of key online services. Enterprises can no longer afford to see their CISOs confined to the dark recesses of the IT department because as DDoS attacks and other cyber threats have become increasingly high-tech and more complex, enterprises need a technologist with a seat at the table.

But with greater responsibility comes the challenge of gaining and maintaining credibility within the C-suite. And it is only by conveying this threat in a language the business understands - by demonstrating the potential outcomes using examples familiar to other business heads - that the CISO will be able to get the buy-in they need to do their job properly. This is the challenge and the opportunity - the opportunity for the CISO to get the recognition they deserve and the backing to deal with the ever-growing threat faced by organizations today.

Resource:

  1. Execs Say Cyber-Attacks a Top Threat: AIG Survey-CNBC News-6 February 2013

More Stories By Rakesh Shah

Rakesh Shah is Director, Product and Strategy Marketing of Arbor Networks. He has been with the company since 2001, helping to take Arbor's products from early stage to category-leading solutions. Before moving into the technical marketing team, Rakesh was the Director of Product Management for Arbor's Peakflow products, and he was also a manager in the engineering group. Previously, Rakesh held various engineering and technical roles at Lucent Technologies and CGI/AMS. He holds a M.Eng. from Cornell University and a BS from University of Illinois at Urbana-Champaign both in Electrical and Computer Engineering.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
Andi Mann, Chief Technology Advocate at Splunk, is an accomplished digital business executive with extensive global expertise as a strategist, technologist, innovator, marketer, and communicator. For over 30 years across five continents, he has built success with Fortune 500 corporations, vendors, governments, and as a leading research analyst and consultant.
"Cloud computing is certainly changing how people consume storage, how they use it, and what they use it for. It's also making people rethink how they architect their environment," stated Brad Winett, Senior Technologist for DDN Storage, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
In his session at 20th Cloud Expo, Brad Winett, Senior Technologist for DDN Storage, will present several current, end-user environments that are using object storage at scale for cloud deployments including private cloud and cloud providers. Details on the top considerations of features and functions for selecting object storage will be included. Brad will also touch on recent developments in tiering technologies that deliver single solution and an end-user view of data across files and objects...
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settl...
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.
It is ironic, but perhaps not unexpected, that many organizations who want the benefits of using an Agile approach to deliver software use a waterfall approach to adopting Agile practices: they form plans, they set milestones, and they measure progress by how many teams they have engaged. Old habits die hard, but like most waterfall software projects, most waterfall-style Agile adoption efforts fail to produce the results desired. The problem is that to get the results they want, they have to ch...
Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
Without a clear strategy for cost control and an architecture designed with cloud services in mind, costs and operational performance can quickly get out of control. To avoid multiple architectural redesigns requires extensive thought and planning. Boundary (now part of BMC) launched a new public-facing multi-tenant high resolution monitoring service on Amazon AWS two years ago, facing challenges and learning best practices in the early days of the new service.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
The best way to leverage your CloudEXPO | DXWorldEXPO presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering CloudEXPO | DXWorldEXPO will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at CloudEXPO. Product announcements during our show provide your company with the most reach through our targeted audienc...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors!
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
JETRO showcased Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo® at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get...
Both SaaS vendors and SaaS buyers are going “all-in” to hyperscale IaaS platforms such as AWS, which is disrupting the SaaS value proposition. Why should the enterprise SaaS consumer pay for the SaaS service if their data is resident in adjacent AWS S3 buckets? If both SaaS sellers and buyers are using the same cloud tools, automation and pay-per-transaction model offered by IaaS platforms, then why not host the “shrink-wrapped” software in the customers’ cloud? Further, serverless computing, cl...
"We view the cloud not as a specific technology but as a way of doing business and that way of doing business is transforming the way software, infrastructure and services are being delivered to business," explained Matthew Rosen, CEO and Director at Fusion, in this SYS-CON.tv interview at 18th Cloud Expo (http://www.CloudComputingExpo.com), held June 7-9 at the Javits Center in New York City, NY.
DXWorldEXPO LLC announced today that the upcoming DXWorldEXPO | CloudEXPO New York event will feature 10 companies from Poland to participate at the "Poland Digital Transformation Pavilion" on November 12-13, 2018.
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
We all know that end users experience the internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices - not doing so will be a path to eventual ...