The IT world is changing. It’s no longer enough to build firewalls against known threats. Now the CIO must anticipate how these threats will evolve in the future. Cloud computing is becoming the norm, while online threats are growing. The Internet of Things (IoT) and smart devices have now taken hold in the office. These developments place many demands on the CIO, who is required to:
- protect against attacks while ensuring a seamless user experience
- maintain control over data while enabling unconstrained access to and from the internet
- always guarantee full network availability
Balancing these competing—and paradoxical—priorities is a challenge in many organizations. By assuming the role of Security Mentor, CIOs can address these critical issues:
How does IT balance business needs with the need for security?
According to a recent global survey, most IT security measures affected productivity negatively. To resolve this issue, controls should be put in place to protect critical data. Employees should also be given training on how to keep information secure. These controls will not be successful if they impact workflow and efficiency. As Security Mentor, the CIO balances digital innovation against essential security processes.
How do organizations keep applications secure?
Reports surfaced this year that the US military had experienced a cybersecurity breach. The popular fitness app Strava publishes GPS location data taken from fitness trackers, and its heat maps of fitness activity revealed details about overseas military bases. The default app setting was for GPS data to be shared anonymously.
Joey Peloquin is the director of cloud security operations for Citrix. He offers these tips to help developers address application security:
- Make security an integral part of application design. Use threat modeling to design software that’s secure from the outset. Use the talents of your IT security team by challenging them to break the app.
- Never hardcode passwords into an application. Provide single sign-on and multifactor authentication. Encrypt sensitive data using industry-standard strong encryption.
- Make security user-friendly. Consider eliminating rules about password complexity and rotation. Instead, use an interface that guides users to create an appropriately long password. Install a password manager to help users choose complex passwords.
Above all, says Peloquin, users should be encouraged to “vigorously defend … privacy when [they’re] outside of the enterprise.” The CIO can balance the needs of developers and users when designing applications.
How can organizations secure supply chains in a digital environment?
Complex supply chains cross many international borders. As a result, companies must exchange sensitive information with multiple partners. Information-sharing is necessary, but it also increases security risks. According to Chris Mayers, chief security architect at Citrix, the supply chain is the weakest link for many organizations.
In addition, businesses must perform due diligence when adding providers to supply chains. Still, many vulnerabilities remain. A recent U.K. survey showed that only 35% of IT security audits were “very comprehensive.” Also, half of these organizations experienced data breaches in the previous quarter. The CIO can work with IT to perform comprehensive security audits for every partner. Results should then be actioned appropriately.
The Security Mentor is an advisor, a leader, and an advocate. They work with all stakeholders: management, IT professionals, and customers. In this way, they can lead their organization past technology and security challenges.