On Monday 14th July, The Guardian, a leading British newspaper, published an article titled “How to promote data security in the workplace? A roundtable report”.
The article covers a recent roundtable discussion with some of the online security sector’s leading figures, including Infosec Partners’ very own Mark Oakton, on security, Big Data and the developing role of the IT executive.
Promoting the value of data security
In an environment in which companies face an increasing number of digital threats, the Guardian report asks why these are often ignored by CEOs, and what can be done to promote the value of data security to other board members. The most common answer from the roundtable is two-fold: boards do not understand what they’re getting in return for their financial investment, and many of those responsible for IT/Security simply don’t know how to translate protection technology budgets into business enablement.
Translating Technology to Business Enablement
As a trusted adviser to significant enterprises and organizations, Infosec Partners frequently meets this challenge. The solution is not to sound like a ‘prophet of doom’, but instead to marry budgetary demands with risk. Painting scenarios, explaining the requirements in terms of risk management and using business-speak rather than techno-babble are skills that all Infosec Partners Trusted Advisers have, alongside their track record of successfully guiding organizations on policy and providing transparent reasoning.
CEOs and board members can no longer afford to bury their heads in the sand, as the often-cited recent example of US retailer Target Corporation shows. What Infosec Partners offers to organizations, with or without Chief Information Security Officers (CISOs), Chief Information Officers (CIOs) and Chief Digital Officers (CDOs), is a way to get a grip on the issues and empower their decision making by helping them understand what they can afford to lose as well as what they stand to gain.
Big Data and the CIO
The changing role of technology executives was also put under the microscope. With IT research firm Gartner predicting that Chief Marketing Officers (CMOs) will spend more on IT than CIOs by 2017, and the rise of Big Data meaning more and more CDOs are being appointed, is the CIO role facing extinction? Mark Oakton comments, “That someone has a CIO, CISO or CDO title is neither here nor there. What’s important is that the function of managing the technology to suitably enable the business – and in particular managing the security risks – needs to be carried out optimally”.
If Gartner’s prediction comes to pass, does the fact that a CMO may spend more on technology make them better able to understand and effectively manage security risk than a CISO with decades of experience? “Perhaps if the Chief Marketing Officer is responsible, then we’ll have even more billable work on our hands,” stated Mark with a smile.
On the subject of Big Data, Mark raised the question of why we can’t just “… get rid of some of our data and not have as much?” Whilst it’s clear that the ability to collect more data has proven to be useful, Mark’s question should not be dismissed as a novelty. After all, just like individuals, some companies can be hoarders that ultimately have the problem of having collected so much that they cannot or do not process it. “Let’s simply have a better handle on the customers we actually deal with,” he said.
Better customer relationships > More data
Fundamentally, Big Data is great if the organization is equipped to process it and regularly does its housekeeping. “Less is more” is the commonly used phrase from ‘Andrea del Sarto’, a poem by Robert Browning, and the same could be said of Big Data.
Mark continues, “Let’s not kid ourselves into thinking that collecting customer information is the same as getting to know them through high-touch communication.” From advising executive teams on policy through to deep-dive penetration testing, Infosec Partners’ focus on quality of service and establishing a thorough understanding of the clients’ needs is far more tangible than simply providing a defence against an invisible threat.
“I’d like to again thank Tom (Brewster, Chair/Journalist) at the Guardian for inviting me along to the roundtable discussion,” said Mark. “It was great meeting up again with old friends and contemporaries in the industry, and moreover The Guardian’s roundtable series is a great way to remind readers that Information Security cannot be simply fixed by a one-off solution; the basics need to be repeatedly monitored, whilst awareness and understanding must become a daily mantra that permeates throughout organizations, especially to Board level.”