At Cisco, we talk a lot about cybersecurity as a strategic advantage for organizations. We believe that a strong security program must be an inherent component of a digitization strategy. There are consequences for organizations that don’t have a plan for addressing this risk. As Ashley Arbuckle, Vice President of Cisco Security Services, said in his blog post last week, “Organizations that have any doubt about their cybersecurity capabilities delay important digital initiatives and risk falling behind the competition tomorrow.”
The intertwining of business strategy and cybersecurity strategy is resonating more and more with our customers, and not just those who focus on security as their primary job role. This summer, at Cisco Live US, over 100 IT executives attended an Executive Symposium, and a good percentage of them stayed an extra day to attend a workshop on how to build a plan to protect their digitization strategy.
Since this month is National Cyber Security Awareness month, I took the opportunity to catch up with the security experts who presented the workshop: Patty Wright and Gary Alterson from Cisco’s Security Advisory Services group. Here’s what they say are the 3 things you need to do now to protect your organization’s digitization strategy.
Patty Wright – Senior Director, Security Advisory Services
Gary Alterson – Practice Lead, Strategy, Risk and Compliance
Once an organization has acknowledged cybersecurity as a critical component of their digitization strategy, what should they do about it? They probably already have some security measures in place. So, maybe the better question is, what should they do differently?
Patty: We talk to customers all the time, and they do have anti-virus, firewall, intrusion prevention and other security technologies in place. But, if the company is seeking a digitization strategy, they are going to need to do more than the basics. A basic strategy tends to be very reactive: a security issues comes up, the IT department applies a product or technology to resolve that particular situation. That approach is inflexible: it solved a point-in-time problem, but a week later, a month later – something in that environment will change and the security band-aid won’t work any more. Maybe they added a new application to improve customer experience. Maybe they merged with another company and now they have a blended IT environment. The original solution to the point-in-time problem doesn’t work. So, the first thing organizations need to do is to move beyond the basics.
Gary: A lot of organizations believe they have the basics in place, and they may have at one point in time, but the basics are a moving target, evolving as threats and technology evolve. For example, given the pervasive use of cloud, cloud security architecture and supporting controls should be a fundamental security basic, and we have a long way to go as an industry on that.
In addition to ensuring they have the right technology, implemented the right way, for the right business reasons, they still need to think about the people and the process elements of their programs. Do they have the right skills in place? Are they interlocked on security strategy not just within IT and security functions, but across business functions as well? Are there operational processes in place for security? How will they measure success of their program?
Patty: Many organizations built their security programs 8 or 10 years ago. They haven’t fully considered how they will manage risk within their digital process or how they will adapt to changing industry requirements. Even their governance models for security are likely to be inadequate because they do not allow for the agility required for today’s environment.
So, the first thing organizations need to do is move beyond the basics. What’s the second thing they should do?
Gary: Even when they have the basics in place, many organizations find themselves stuck fighting the last battle. They aren’t able to look ahead and proactively build a flexible and embedded security architecture. This is important. If security is going to be a business enabler, the architecture needs to support constantly evolving business processes and technology without being onerous to users. One of the primary reasons you hear CISOs being resistant to change is because they don’t know how to achieve an architecture that can securely support rapid change.
Patty: That means they need to have an architecture that differentiates between different people, devices, applications, and data and applies different sets of controls. So, it starts with being able to establish identity and trust, then enforcing specific policies while applying appropriate isolation at the network, system or data level. It also includes achieving appropriate levels of visibility and resilience.
Gary: The benefits of moving to embedded security and a flexible architecture are numerous. For example, threat analytics will have much higher fidelity, time to detect and time to respond [to threats] will be reduced. Resilience to security threats will be enhanced and the longtime goal of protecting data according to its value can actually be achieved.
And the third thing they can do?
Gary: Organizations need to address risk specifically within their digitized business process. This requires mapping that process out, identifying the information risks within the process itself, as well as evaluating the underlying infrastructure, applications, and IT operations that support that process end to end.
Patty: This will allow organizations that are pursuing digitization strategies to benefit from a much stronger ability to manage risk as they move into new business models or offer innovative new experience for their customers.
Join the National Cyber Security Month conversation on Twitter @CiscoSecurity #CyberAware.
The challenge, however, is usually on the infrastructure side – how can the wireless network leverage BLE in a scalable, reliable and cost-effective way? Traditionally it has been very time consuming and expensive to deploy and manage physical beacons for BLE. The installation often requires comprehensive site surveys, which have to be redone whenever beacon placement changes (or the RF environment is altered). In addition, batteries in the beacons are expensive to replace, and the beacons themselves can be lost or stolen. With the introduction of Cisco Beacon Point, an industry-first Virtual Bluetooth Low Energy (VBLE) beacon consul, we have developed a unique and highly innovative solution to address this challenge.
competition launched last May at the 
With just two weeks to go, the finalists will fine-tune their solutions, sharpen their value propositions, hone their messages, rehearse their pitches and respond to written questions from judges. We will provide them with travel arrangements to the Web Summit, an ideal venue for such a global event where 50,000 attendees from Fortune 500 companies and aspiring startups converge.
Get the Podcast
To achieve this high-level certification, 
Given the Cisco culture of delivering customer success, we continuously learn to improve our people, process, and technology to stay ahead of rising customer expectations. Listening to our customers and using smart tools and automation to improve our customers’ support experience are key elements of our services innovation and strategy. We are so pleased to be recognized by TSIA, the leading association for today’s technology and services organizations, and our peers. We are especially proud of our 9500+ services innovators who have contributed to Cisco’s leadership in delivering an outstanding customer service experience. This would not be possible without them. Congratulations!