The world is not only getting smaller, it’s getting faster. Today’s CEOs are focused on business agility, innovation and competitive advantage to drive growth and profit. And cloud computing is taking center stage as the disruptive force powering faster, more agile business innovation. But threats to the business are growing, often putting the CSO is the uncomfortable position to say “no," or to — wisely — slow down new initiatives to make sure they are handled carefully. So how does the CSO transform to enabler of business growth and innovation while simultaneously protecting the business? CloudPassage CTO Amrit Williams discusses the case for this transformation, why cloud computing can be your friend, five actionable steps CSOs can adopt to become business enablers, and how the right cloud security platform can help.
2. CEOs Focus
• Growth & market share
• Profit & the bottom line
• Operational efficiencies
• Business agility & competitive advantage
• Looking awesome on CNBC & being referenced
on the front page of the WSJ
3. CSOs Focus
Protecting the business while dealing with:
• Increasingly hostile threat environment
o Financially motivated & well-organized
o Nation-state sponsored
o Advanced, sophisticated & targeted
• Rapidly evolving infrastructure
o Data-center transformation (SDDC, private cloud)
o Public / private cloud hybrid
o Mobile devices
• Dizzying array of exciting compliance initiatives
And…never being referenced on the front page of the WSJ!
4. Rapidly Evolving Infrastructure & Technology
IT enterprise architecture
circa 2006
IT enterprise architecture
circa today
IT enterprise architecture
circa 2000
5. Too Often, The CSO Has Been Positioned as “Dr. No”
NO!
Can I use my
own smart
phone to
access corp.
resources?
Can we run
our BU’s
workloads on
AWS?
Can you
approve the
use of this
SaaS
application?
7. Tip #1: Commit to Change
• Tell people that you’re committed
• Paint a vision for the future & develop a roadmap
for change
• Engage the business units & understand their needs
• Rally the troops and continue to show progress
towards reaching business objectives
8. Tip #2: Speak in the Language of the Business
• Translate “security speak” to business value
• Stay away from the technical details
• Become a story teller; use simple language
• Relate what your team is doing to meet business objectives
• Preventing data loss/breaches can be investments in:
o Innovation
o Enhancing the bottom line
9. Tip #3: Embrace Shadow IT
• Support the business drivers: speed, agility
• Invest in technology that empowers business, but gives
visibility, protection across cloud infrastructure
• Implement a security playbook; then publish it to the business:
o Policies
o Procedures
o Technology
10. Tip #4: Leverage Analytics
• Use data to make your case
• Present analytics in clear, simple language
• Agree on small set of KPIs to measure progress
11. Tip #5: Invest in Agile Security…
• Agile security is…
o Portable (works anywhere)
o Scalable (on-demand)
o Automated
o Orchestrated
o Service-oriented
o Flexible, metered licensing
• A flexibly defined set of automated, orchestrated security controls that
work anywhere, at any scale, on-demand
12. …That Addresses Six Critical Control Objectives
Immediate, consistent, continuous
knowledge of what assets exist, where
they reside, & what they’re doing.
Visibility Strong, layered controls enabling
authorized access & denial of
resources to unauthorized entities.
Strong Access Control
Continuous detection &
elimination of issues that
create exploitable points of
weakness.
Vulnerability Management
Assurance that critical data is
encrypted & used appropriately by
authorized entities while in motion
or at rest.
Data Protection
Capabilities that enable detection &
response to malicious or accidental
compromise of resources.
Compromise Management
Day-to-day management of
technologies & processes
that comprise security &
compliance.
Operational Automation
13. Want to Learn More?
awilliams@cloudpassage.com
www.cloudpassage.com