FINAL WORD
The danger of saying no
Progress waits for no man. While security
teams may find themselves at a stalemate,
organisations are still charging full-speed
ahead with their Digital Transformation
initiatives. They don’t have time to navigate
any impasse; they know that they need to
innovate to become more efficient and to
maintain a competitive edge.
Peter Margaris, Head of Product Marketing
at Skybox Security
CISOs lack necessary network visibility
But pushback from the CISO and their
security team doesn’t just happen because
they’re worried about their workloads. Many
are also concerned because they know that
they’re not in the best position to secure any
additions to their security environment.
If they don’t already have visibility over
their hybrid estate, they can’t picture their
security status as it is now, let alone how it
would look with any number of innovations
tacked on.
When they put their hands up to say, ‘stop’
or ‘slow down’, it’s because they know just
how dangerous new third-party apps, or
virtualised networks, or IIoT devices can be
to their already fragile risk posture.
This results in security being overlooked. If
it isn’t ignored completely, it’s relegated
to an insufficient checkbox exercise during
DevSecOps processes. When properly
embedded, security underpins the success
of any innovation. But when security is
sidelined, it’s possible that an organisation’s
Digital Transformation initiatives could bring
the business to its knees.
Disconnected processes often lie behind the
execution of poor security. The likelihood of
process disconnect only increases in hybrid
environments. One of the main reasons
behind this is the separation of teams
responsible for different portions of the
network. In hybrid environments, not only
can there be separation between the security
and operations teams, the growing DevOps/
DevSecOps team also adds yet another layer
of departmental complexity.
The CISO needs to make sure that process
disconnect doesn’t impact the delivery
of effective security. They need to ensure
that they don’t operate within silos and
that they have the oversight needed to
ensure that all processes are fully aligned.
One example of how misalignment harms
organisations is when cloud services are
misconfigured. Many organisations work
with an assumption that cloud services
are secure, but if their access points aren’t
properly configured then they could end up
ushering in any number of new threats.
Insufficient cloud security protocols and a
lack of testing are leaving many businesses
exposed and this trend will continue to
gather pace if cloud deployments aren’t fully
within the purview of the CISO.
Which is why it’s so important for security to
be seen as ‘The Department of Yes’.
If they are known as a driving force behind
ensuring the success of any innovation, then
they will improve their position within their
organisation and be able to influence future
transformation strategies.
Becoming ‘The Department of Yes’
The first step towards becoming ‘The
Department of Yes’ is deeply rooted in
gaining complete and continuous network
visibility to allow for aggregation of all
relevant data needed to effectively model
the network.
From there, security teams will be able
to assure their business’ current security
posture and can be confident in their ability
to adapt to changes as and when they come.
On top of this, the CISO needs to have a
context-rich understanding of their security
environment. They need analytics that
give them insight into potential risks and
their compliance status at all times.
In most organisations, a lack of network
visibility combined with inconsistent
security measures tied to new technology
deployments are the root cause of security
being seen as ‘The Department of No.’
If this perception is going to change, then
the CISO needs to ensure that they can gain
full network visibility and predictive modeling
capabilities. If they’re able to see everything
that needs to be protected plus analyse
and predict where risks and vulnerabilities
may arise, they will be more confident in
their team’s abilities to deploy and protect
new network elements. It’s the first step to
security becoming ‘The Department of Yes.’
PETER MARGARIS – BIOGRAPHY
As Head of Product Marketing, Peter
Margaris is responsible for the company’s
overall solution messaging, positioning,
field enablement and go-to-market
strategy. With a diverse background
and over 25 years of experience in sales
and marketing, Peter has held business
leadership roles at Palo Alto Networks, F5
Networks, Motorola, Nokia and various
start-up companies in Silicon Valley. Peter
has a BS in Electrical Engineering from
Illinois Institute of Technology and an
MBA with a concentration in Marketing
from the University of Illinois.
Finally, they need to ensure that they are
making the most efficient use of their
existing resources.
The best way to do this is by introducing
intelligent automation that will save them
time and money as well as improving the
outcome of processes and freeing up teams
so that they can focus on more strategic tasks.
To shed their negative reputation, security
departments need to stop operating on the
back foot. When they know that they’re in
control of their entire hybrid estate, they’re in
a much better position to be able to say ‘yes’
and welcome innovation with open arms.
www.intelligentcio.com