It’s no surprise the world is going digital. With this transition comes the opportunity for economic growth, job creation and global competitiveness, but also the risk of cyber-attacks for monetary or political gain, and disruption of service. In conversations with customers all over the world, it’s fascinating to hear the similarities when it comes to cybersecurity challenges. It doesn’t matter what vertical you are in, or if you are in the public or private sector – no one is immune. We are all facing a collective challenge when it comes to cybersecurity, and the solution will depend on our ability to work together to create resilience.
To do so effectively will require transparency – openness, communication, and accountability. Transparency is more than an instrument to right a wrong or own up to a mistake. While owning mistakes is important, there is a much bigger value associated with transparency when it comes to building collective resilience. In fact, it is critical to the success of the digital economy.
Transparency in Development
The journey must start with more transparency about how solutions are developed and created, which means being open and transparent about the features and functionalities that get built into solutions from the beginning. Everyone producing connected products must be transparent about how they are building security into their development process. For Cisco, that is the Cisco Secure Development Lifecycle (SDL), our process that helps to ensure security is central through all development of our technology. As a result, we find an SDL helps reduce the number and severity of vulnerabilities in software and should be a best practice for any technology vendor. When we build security in from the start, we not only prevent security problems proactively, but we also find security problems before the bad guys do.
Transparency in Vulnerabilities
The interconnected nature of the digital world means that security vulnerabilities can have far-reaching consequences beyond one region or country, with potential large-scale impact to citizens and the global economy. Even when implementing an SDL, vulnerabilities still happen. It is imperative to have a robust vulnerability management and disclosure capability, especially if you are producing digital solutions. Companies need to transparently disclose vulnerabilities and breaches so that customers may mitigate risks, but they must also actively manage the handling and closure process within their organization to ensure that the time from when a vulnerability is known to when customers are aware and fixes are available is minimized. At Cisco, we regularly publish security vulnerability information. When we identify a potential risk exposure for any of our products and services, we want our customers and partners to quickly know what clear actions they need to take to protect themselves.
Transparency in Data Usage
As organizations go digital, they find themselves being entrusted with customer data. It is imperative that they are transparent about how they are protecting that customer data. Being clear about what data is collected and how it is protected in all aspects of its lifecycle is critical not only for regulatory compliance but also to gain and keep the trust of customers. Cisco has recently launched our own repository of this information in order to simplify customers’ access to it: cisco.com/go/dataprivacy.
When entrusted with customer data, organizations also find themselves being approached by global law enforcement and other public-sector entities requesting access to this information. It is paramount that digital companies be transparent with their customers about how they deal with such requests. How often do they get them? What is their process for these requests? What is their policy to respond? While we adhere to the local laws in every country in which we operate, at Cisco we think it is equally important to share when we receive requests or demands for customer data from law enforcement and national security agencies around the world. This is done on a regular basis in our Transparency Reports. We believe that the protection of data is a key element to win customer trust as a digital enabler in a data-centric economy.
The digital economy can only flourish when you connect people, process, data and things in an ethical, meaningful and secure way. We have to create an environment in which everyone can easily do business and know their data is safeguarded. Being upfront about requests for data, how we build our solutions, and how we handle vulnerabilities has served us well in earning the trust of our global customers and industry collaborators. Transparency has become a vital element as we seek out partnerships to enhance our global cybersecurity posture.
It’s important to remember, we’re all in this together. To learn more about Cisco’s commitment to Transparency and Accountability, please visit our Trust Center.
I really thought this article was well done. Thanks.