Data flow enabling transformation is challenge for CISOs

Technology is bringing about some profound and irreversible changes to how businesses operate. Because of the proliferation of consumer technology, users expect the same experience and ease of use with technology used in the business. This augurs well for the business where adoption of their new solutions becomes easy with less efforts to promote and train users.

Technology also fosters a model where a business can truly operate in a decentralised model, yet not compromising on the centralised spirit and culture, by closing the gaps in communication and collaboration. Technology application has also become inevitable for businesses to respond to external factors like a new law or regulation coming into force and the business mandated to comply. These are factors where technology plays a very strategic role for driving business growth and building differentiation.

Businesses realising the need to go through a transformation often focus on the following three aspects. The first is the value transformation where the business has to invent a completely new business model that offers more value at less cost and is relevant to the current day and age.

The second is the ability to operate in a totally decentralised fashion, yet the overall performance of the business should be optimal and meet the stated objectives. The third would be the unrelenting focus on understanding the changes in customer expectations and doing every bit to enhance it every day.

Any business transformation should start at such fundamentals and then look at how to leverage the best the current technology has to offer to enable the transformation. Blindly falling for the hype of a new technology and trying to force fit it into the business operations is a recipe for disaster.

For CISOs, every day is a new challenge as technology now enables business data flow freely beyond boundaries. Though the business goals demand such availability of data, any mishap could result in a severe consequence for the business.

Though the number of externally originating attacks far outnumber the internal incidents, the consequences of internal attacks far outweigh the external ones. Sophisticated technologies exist to detect and prevent external attacks to a great degree but when privileged insiders having direct access to data and controls, decide to act up, it is hard to address this problem only through technology.

This is where CISOs should get to the basics and engineer information security into every aspect of the operation of the business. And this should happen without adversely affecting the autonomy and the productivity of the employees.

It is imperative for business to collect, store and process personal data of millions of their customers and this is precisely why business data comes under targeted attacks. Individual, societies and countries around the world demonstrate different outlook towards how they see and approach privacy.

With personal data flowing freely around and with new laws coming into force that hand out severe punishments for violations, executing privacy by design and educating about it upto the very last person, is a very important challenge for the business and increasingly, this is falling in the laps of the CISO.

The various lines of business, in their earnest and honest interests towards contributing to business goals, tend to use their own technology without fully understanding the implications.

For example, a customer support application from a third party could be leveraging machine learning and artificial intelligence to look into customer data to offer predictions like how likely customers are to stay with or how happy, unhappy the customers are, amongst others.

While such capabilities have their own benefits, this could mean a copy of data from the business can get to a third party or their algorithms have access to it. Educating about this and overseeing scenarios like these do not come back to hurt the business is again a top challenge for CISOs.

The upside really is without the security solutions, it is impossible to run operations securely. Whether it is about defining and enforcing policies, managing and monitoring privileges and access to information, controlling all the end points, keeping the infrastructure components patched, proactively detecting attacks, ability to quickly react to attacks and manage all of this for hybrid and heterogenous environments, the vendors offer a variety of sophisticated tools. The downside really is making all this work together, so that the sum of the parts is far greater.

Rajesh Ganesan, Vice President, ManageEngine.

Key takeaways

  • The upside really is without the security solutions, it is impossible to run operations securely.
  • The downside is making all this work together, so that the sum of the parts is far greater.
  • Number of externally originating attacks far outnumber internal incidents.
  • The consequences of internal attacks far outweigh the external ones.
  • Any business transformation should start at fundamentals and then how to leverage technology.

Transformation must deliver value, decentralisation, customer experience, coupled with the free flow of data.