New Demands on CISO

Consumer Technology is inside the perimeter. It's been an invasion of devices, apps and cloud services. Enterprise data has found an easy bridge to cross the perimeter and free itself. None of this is unknown to us; though have to admit it's been a sensational development at a sensational pace. Technology adoption and work style adaptation has happened with passion that has never been witnessed or experienced by an enterprise app or project. 

As a CIO one only hopes and wishes that these virtues be associated with enterprise IT initiatives we lead.  All of this has caught us off guard as most of this is unplanned induction and some definitely see it as an intrusion.

The CISO's role is all the more critical against this backdrop. The CISO, to be really effective, will have to don a new avatar or rather add a few more facets to his personality. While setting the ground rules and policing to ensure adherence to policies have been the only traits CISOs have shown, and while some have undertaken branding and advertising to ensure awareness, nobody has seriously stepped into the shoes of an educator and a protector. 

Every organization has policies around the ownership, distribution and life-cycle management of all its enterprise assets; specially data. Data is all over the place - documents, data in the enterprise database, spreadsheets, scribbles and notes on note pads. Employees create data on the go. 

Consumer technology has placed in the hands of employee, tools and devices that come to their aid in doing their jobs effectively. In this process, enterprise data is not just passing through these personal devices and cloud storage, it is actually being created on them and then, hopefully, getting into enterprise systems. There is ample scope for data theft and data leakage. While enterprise governance is all about checks and balances to safeguard corporate assets and contain risks, employees are all about productivity, speed, quality of service and delivering the wow factor with attitude in their deliveries. 

Governance need to ensure employees can bring all of that onto the table in a secure environment as employees find lot more exciting tools outside the secure environment. One way to get around this is to step up the act on awareness and education.

The CISO is in a fantastic position to map the spirit and the letter of the corporate policies to these consumer technology choices that are all around us and highlight, clearly, in simple language, with examples, the possible damage that could happen to the enterprise if some of these apps were used. 

I reached out to 12 senior CISOs in the industry before I penned this blog post and everyone thought that it was a good idea and some called it innovation. I was actually a bit miffed. I reminded them, that this had always been an expectation from their chair, but all that one got was policies and policing. 

CISOs need to be aware that they are here to support the employees conduct their business in a safe and secure environment. Along with education and awareness, the CISO needs to push the CIO's team to fund small labs that can discover the best way to leverage these consumer technology ideas within their enterprise to achieve business goals.

It would be nice to see CISOs bring out videos and literature that shows how enterprise data and hence the personal credibility of employees could be at risk by unabated and un-mentored use of apps like Dropbox and Evernote. 

At the same time the CISO should work with the CIO to figure out ways of accommodating such features and functionality within the enterprise. CISOs need to bring their expertise on the table in a lot more ways than just policing. This happens when CISOs wed their agenda with business objectives beyond just securing the enterprise and extend their expertise to areas around employee productivity and morale enhancement by supporting agility in the employee personal productivity space. 

Everyone loves carrying and showing off not just cool devices, but how they use it to deliver value. Most of the time, the wow factor created is targeted around their individual selves, no harm in supporting it, if it does 

Categories: Technology

About Author

Orange Themes

Nagaraj G N

Nagaraj G N is the former Group CIO at Interglobe Enterprises. He is a Business-Technology Leader with 18+ years of ...

Read more

Write a Comment

Your e-mail address will not be published.
Required fields are marked*


Recent Comments