In Defense of the Chief Information Scapegoat Officer

The CISO has the toughest job in the C-Suite. True digital transformation requires a paradigm shift. It won’t happen quickly and it won’t be easy.

Lucas Dowd
Microsoft Cybersecurity
Feb 5, 2019

Why are you all pointing at me?! (Getty)

Most of the customers I work with are stuck in a purgatory between their cloud vision and their legacy networks. Leadership bickers internally about the best path forward. One executive desperately wants to change and doesn’t fear the challenge, the level of effort, or the cost; meanwhile the other can’t stomach the thought of change or the cost associated with it all. And then there’s the board.

And while the CEO and the CFO duke it out, the Chief Information Security Officer (CISO) waits in the distance for one of them to ask for his/her input. The CISO has been begging for a seat at the table for the last couple years but is now dreading getting invited into this conversation.

Despite sitting in briefing centers for the last three years, buying the security tools du jour, and then tirelessly trying to integrate them, the CISO actually has little confidence that what they are trying to secure is actually secure. It’s a lose/lose situation for them and their peers know it.

The CISO has the toughest job in the C-Suite.

My advice to the “Chief Information Scapegoat Officer” in 2019 is:

Consider the amount of time, money and aggravation associated with buying, integrating, and managing a bunch of best-of-breed products to do security. Consider your comfort level pertaining to the assurances you are expected to provide and the adversaries you are up against.

The cloud is no longer your enemy. The cloud is your best friend and your greatest ally.

Digital transformation requires a cloud partner that:

1) Can help an executive team through the debate and the thought process

2) Can create a business case for the expense, time, and journey involved

3) Can help an organization come together to make decisions that will affect every aspect of the business and, in turn, make the business more competitive in the market

4) Has the technical chops and prowess to phase out a complex deployment

5) Has the resources, telemetry, and data science models to scale and correlate massive data sets

6) Has a proven track record and has transformed themselves

Given the amount of time and money that is required for true digital transformation, the plan needs to be calculated clearly and realistically. Both parties need to put all their cards on the table.

The CISO has the toughest job in the C-Suite. (Getty)

Ask the following questions when meeting with cloud providers. If they trip trying to answer these questions, be leery:

1) Is your data protected by strong security and state-of-the-art technology?

2) Do you incorporate privacy by design and allow control of our data in our enterprise cloud?

3) Do you make deep investments in robust compliance processes that can help me with my compliance needs?

4) Will you tell me who has access to my data and where it is stored?

5) Do you subject yourself to third-party reviews annually?

6) Will you reject any requests for the disclosure of my personal data that are not legally binding?

7) Do you adhere to the compliance and regulatory standards in all the countries my business operates in?

It’s easy to calculate digital transformation ROI around vendor reduction, but the bigger ROI around digital transformation itself is much more challenging and complex.

Digital transformation requires planning, benchmarking, business impact analysis, financial analysis, architecture assessments, and requirements. Digital transformation requires a partner with a holistic plan.

Digital transformation is a 50-gallon problem and most organizations have a 20 oz bottle to solve it. Consider how many gallons a cloud provider can bring to the table.

Lucas Dowd is passionate about helping the business community reduce security operating costs and increase attacker costs, while enabling growth and productivity.


As an Enterprise Security Executive at Microsoft, I work with business leaders on the security components of digital transformation. I’m existential to the core.