Transcript of "Australian CIO Summit 2013 Interview with: Dr Tim Redhead, Director, DotSec"
Interview with: Dr Tim Redhead,Director, DotSecA requirements-driven, architecturalapproach will inevitably save money andimprove business capabilities in the longrun, according to Dr Tim Redhead,Director, DotSec. This is especially trueof information security and cloud-hosted solutions, he added, whereChief Information Officers (CIOs) areadvised to also focus on out-performingcompetitors by enabling the business todo more, rather than focusing solely oncutting costs.DotSec is a sponsor company at themarcus evans Australian CIOSummit 2013 in the Gold Coast,Queensland, Australia, 29 - 31 July.Big data, information security andcloud computing. How can CIOsensure they support each other?These three issues are complex on theirown, and even more so together. If youask ten people what cloud computing isyou will probably receive ten differentanswers. Similarly with big data. Startby getting a clear understanding of whatyou mean by “big data” and “cloud”,before defining what your requirementsare in these spaces.The “scale-out” capability of good cloudplatforms (and yes, there are bad ones)makes it ideal for supporting big-datastrategies. And of course, if the data(and derived information) has anyvalue, then the ongoing viability of anycloud deployment is going to dependon well-defined information securityr e q u i r e m e n t s a n d s u p p o r t i n ginfrastructure.What level of awareness do CIOsneed to have of a cloud-hostedenvironment?A cloud-hosted environment is oftenphysically located outside the localinfrastructure of the organisation thatowns the assets. Even a private cloudwill probably be hosted in one or moregeographically remote data centre(s).As a result, it is often more difficult toknow what is happening within thecloud environment, and to react (orbetter still, pre-empt) to a securityincident in a timely manner.A summary report at the end of the dayor week is not sufficient; getting areport post event and then trying tobacktrack what happened will not leadto effective data management, and inlarge or complex environments isprobably not possible anyhow.CIOs need continual monitoring andcomplete awareness, to immediatelyand effectively react to anomalous orthreatening situations.What areas should CIOs pay moreattention to?Distributed systems are now becomingthe norm, so distributed computinginfrastructure and architecture are nowbecoming more important than ever.Identity management, asset orinformation sharing, real timeawareness and event incidentmanagement all add complexity, butthat is what the cloud is. This is prettytricky for some CIOs to understand, butit is risky not to pay attention to all theparts.Information security is not just aboutstopping bad things from happening; itis also about enabling the business todo things it could not do before. Forexample, identity managementinfrastructures allow new applications tobe developed without the need toreinvent authentication and accountmanagement. Even better, a well-designed infrastructure allows variousdivisions, partners and customers toshare information more easily and moresecurely.Similarly, a logging and reportinginfrastructure provides the capability forreal-time reporting, alerting and eventmanagement. As widely distributedcomputing environments become thenorm, it becomes critical thatorganisations embed that capability aspart of the infrastructure.There have been many public examplesover the past 24 months of companiesthat have been unaware that they havebeen breached, sometimes for years,because they had no awareness as towhat was taking place in theircomputing environments.As much of the IT world moves towardsdistributed, physically remote, 3rd-partyhosted environments, it is moreimportant than ever that thoseenvironments include requirements-based, infrastructural informationsecurity services and processes.CIOs needcontinualmonitoringand completeawarenessBuilding Business Capability in aCloud-Hosted Environment
The Information TechnologyNetwork - marcus evansSummits deliver peer-to-peerinformation on strategic matters,p r o f e s s i o n a l t r e n d s a n dbreakthrough innovations.Please note that the Summit is aclosed business event and thenumber of participants strictlylimited.About the Australian CIO Summit 2013This unique forum will take place at the RACV Royal Pines Resort, Gold Coast,Queensland, 29 - 31 July 2013. Offering much more than any conference, exhibitionor trade show, this exclusive meeting will bring together esteemed industry thoughtleaders and solution providers to a highly focused and interactive networking event.The Summit features presentations on IT process optimisation as well as insights onhow to pinpoint high-value innovations, prove value to stakeholders and turnknowledge into profits.www.australianciosummit.comContactSarin Kouyoumdjian-Gurunlian, Press Manager, marcus evans, SummitsDivisionTel: + 357 22 849 313Email: firstname.lastname@example.orgFor more information please send an email to email@example.comAll rights reserved. The above content may be republished or reproduced. Kindlyinform us by sending an email to firstname.lastname@example.orgAbout DotSecDotSec is a professional, independent, Australian-owned information-security organisation. DotSec was established in 1999 andhas consistently delivered solutions to customers in the financial, legal, utilities, education, transport, insurance and governmentsectors.www.dotsec.comAbout marcus evans Summitsmarcus evans Summits are high level business forums for the world’s leading decision-makers to meet, learn and discussstrategies and solutions. Held at exclusive locations around the world, these events provide attendees with a unique opportunity toindividually tailor their schedules of keynote presentations, case studies, roundtables and one-to-one business meetings.For more information, please visit: www.marcusevans.comTo view the web version of this interview, please click here: www.australianciosummit.com/TimRedhead2