The Art of the Possible: Be the Security Mentor

Security | Posted on August 21, 2018 by Arun Kirupananthan

The IT world is changing. It’s no longer enough to build firewalls against known threats. Now the CIO must anticipate how these threats will evolve in the future. Cloud computing is becoming the norm, while online threats are growing. The Internet of Things (IoT) and smart devices have now taken hold in the office. These developments place many demands on the CIO, who is required to:

  • protect against attacks while ensuring a seamless user experience
  • maintain control over data while enabling unconstrained access to and from the internet
  • always guarantee full network availability

Balancing these competing—and paradoxical—priorities is a challenge in many organizations. By assuming the role of Security Mentor, CIOs can address these critical issues:

How does IT balance business needs with the need for security?

According to a recent global survey, most IT security measures affected productivity negatively. To resolve this issue, controls should be put in place to protect critical data. Employees should also be given training on how to keep information secure. These controls will not be successful if they impact workflow and efficiency. As Security Mentor, the CIO balances digital innovation against essential security processes.

How do organizations keep applications secure?

Reports that the US military had experienced a cybersecurity breach surfaced this year. The popular fitness app Strava publishes GPS location data taken from fitness trackers. Heat maps showing fitness activity revealed details about overseas military bases. The default app setting was for GPS data to be shared anonymously.

Joey Peloquin is the director of cloud security operations for Citrix. He offers these tips to help developers address application security:

  • Make security an integral part of application design. Use threat modeling to design software that’s secure from the outset. Use the talents of your IT security team by challenging them to break the app.
  • Never hardcode passwords into an application. Provide single sign-on and multifactor authentication. Encrypt sensitive data using industry-standard strong encryption.
  • Make security user-friendly. Consider eliminating rules about password complexity and rotation. Instead, use an interface that guides users to create an appropriately long password. Install a password manager to help users choose complex passwords.

Above all, says Peloquin, users should be encouraged to “vigorously defend … privacy when [they’re] outside of the enterprise.” The CIO can balance the needs of developers and users when designing applications.

How can organizations secure supply chains in a digital environment?

Complex supply chains cross many international borders. As a result, companies must exchange sensitive information with multiple partners. Information-sharing is necessary, but it also increases security risks. According to Chris Mayers, chief security architect at Citrix, the supply chain is the weakest link for many organizations.

In addition, businesses must perform due diligence when adding providers to supply chains. Still, many vulnerabilities remain. A recent U.K. survey showed that only 35% of IT security audits were “very comprehensive.” Also, half of these organizations experienced data breaches in the previous quarter. The CIO can work with IT to perform comprehensive security audits for every partner. Results should then be actioned appropriately.

The Security Mentor is an advisor, a leader, and an advocate. They work with all stakeholders: management, IT professionals, and customers. In this way, they can lead their organization past technology and security challenges.
