Avatar

AJ25293The data center landscape is undergoing remarkable transformation and security is being forced to evolve as organizations embrace more dynamic services.
For instance, Gartner predicts 17.9% CAGR in cloud services usage through 2016. As such, Chief Information Security Officers (CISOs) will need to consider how to secure non-standardized Business-to-Business interconnects across their organizations. CISOS will play a pivotal role in shaping the next-generation data center if they are able to act more strategically.
I call this my 3 imperatives for CISOs.

I am teaming up with my former mentor from McAfee and now colleague through our Cisco partnership, Rich Noguera, Sr Manager, Security Strategy and Risk Management at Accenture, to discuss this topic on July 16- 8:00 am PST/ 11:00 am EST

1.     Enabling IT security to play a more strategic and advisory role within the organization – today’s CISO needs to think much more in terms of establishing a risk-aware culture as increasingly the economic advantages of moving to the cloud becomes much more compelling.  Strategically speaking, CISOs must consider building or buying a cloud services brokerage that is capable of enforcing corporate security policies across the business’ varied providers.  There is an opportunity to shift IT away from being considered a necessary cost center to a department, which can enable self-provisioning of new services (with the right tools and training). But to do this, it requires a forward thinking organization with a security steering committee with stakeholders from across the enterprise engaged to ensure that security and risk considerations are factored in.

2.     Business-driven security and risk metrics  – It is a well-known phenomenon that when nothing negative in data center security happens (for example, malware disruption, data breach), it may become challenging to demonstrate the ROI on security even though security met its purpose.  Leading organizations are twice as likely to use metrics to monitor progress and their ability to deal with future technologies as well as metrics to justify the purchase and need of new technologies.  As the old adage goes, ‘you cannot manage what you cannot measure.’ Given the range of cloud enabled B2B services, CISOs should concentrate on what matters most – who (i.e. users) and what (i.e. crown jewel data) – to the security of the business.

3.     Balancing key technology focus areas with risk metrics – As data center workloads spiral and so too, correspondingly does the volume of security data, CISOs and security teams will need to find ways to filter data to a meaningful metrics.  That is where expressing security policy in business contextual terms and security intelligence data and filtering becomes critical.

Register here for this webcast on July the 16th to further discuss these key issues and see how datacenter can enable security to be transformative. Additionally, for more news and discussions, head over to @SecDatacenter or Secure Data Center Trends



Authors

Evelyn de Souza

Cloud Data Governance Leader

Chief Technology and Architecture Office