What approaches do you see CISOs taking to create secure networks?
What we often hear is, “First let me deal with my table stakes. Let me make sure that I don’t have any glaring holes,” and when that happens, usually you’re looking a couple of things. You’re looking at either applications and, “Are my apps secure?” or you’re looking at the network and trying to make sure that first and foremost the infrastructure and the apps are secure. We spend a lot of our time still looking at applications and trying to make sure that the apps are secure and the networks are segmented appropriately and the right kind of security frameworks are in place there.
Those are table stakes, and that has to be done, and then what’s that done, there is a big interest and focus around response. It’s around the intelligence side of response so they can work on preparedness and then it’s about how quickly can we gather, contain and get back to an operational state once something occurs within the environment.
How are CISOs looking at the Internet of Things?
I would say that if there’s one area that is becoming very interesting to us because everyone knows it’s coming, but it’s defined a lot of ways, is IoT and the whole IoE, the Internet of Everything. What we’re beginning to see now in cases where it’s no longer just, “I’m about to put a device on the network, and I want to make sure it’s secure,” but it’s really about, “How do I digitize in a complete business process? How can I take what was once a process that was driven by industrial means and now add sensors, gather information at the point of attack and then use all that information to feed back intelligence into the backend that allows me to make decisions that might be market-based decisions around demand for specific products or it might be decisions that can be made on how do you go about fertilizing different lands in a certain way to help increase yields for farmers?”
You have to begin to think about it from the ground up moreso than just going in and trying to plug holes. That’s one of those things again around the CISO role becoming more strategic, is that we’re seeing that in addition to the technical aptitude, they have to also make sure they’ve got a really keen sense of the business processes and how those are evolving as well.
Sign up for Computerworld eNewsletters.