Contact Us

|

Careers

|

Change Locale
close

The Art of the Possible: Be the Security Mentor

Security | Posted on August 21, 2018 by Arun Kirupananthan

The IT world is changing. It’s no longer enough to build firewalls against known threats. Now the CIO must anticipate how these threats will evolve in the future. Cloud computing is becoming the norm, while online threats are growing. The Internet of Things (IoT) and smart devices have now taken hold in the office. These developments place many demands on the CIO, who is required to:

  • protect against attacks while ensuring a seamless user experience
  • maintain control over data while enabling unconstrained access to and from the internet
  • always guarantee full network availability

Balancing these competing—and paradoxical—priorities is a challenge in many organizations. By assuming the role of Security Mentor, CIOs can address these critical issues:

How does IT balance business needs with the need for security?

According to a recent global survey, most IT security measures affected productivity negatively. To resolve this issue, controls should be put in place to protect critical data. Employees should also be given training on how to keep information secure. These controls will not be successful if they impact workflow and efficiency. As Security Mentor, the CIO balances digital innovation against essential security processes.

How do organizations keep applications secure?

Reports that the US military had experienced a cybersecurity breach surfaced this year. The popular fitness app Strava publishes GPS location data taken from fitness trackers. Heat maps showing fitness activity revealed details about overseas military bases. The default app setting was for GPS data to be shared anonymously.

Joey Peloquin is the director of cloud security operations for Citrix. He offers these tips to help developers address application security:

  • Make security an integral part of application design. Use threat modeling to design software that’s secure from the outset. Use the talents of your IT security team by challenging them to break the app.
  • Never hardcode passwords into an application. Provide single sign-on and multifactor authentication. Encrypt sensitive data using industry-standard strong encryption.
  • Make security user-friendly. Consider eliminating rules about password complexity and rotation. Instead, use an interface that guides users to create an appropriately long password. Install a password manager to help users choose complex passwords.

Above all, says Peloquin, users should be encouraged to “vigorously defend … privacy when [they’re] outside of the enterprise.” The CIO can balance the needs of developers and users when designing applications.

How can organizations secure supply chains in a digital environment?

Complex supply chains cross many international borders. As a result, companies must exchange sensitive information with multiple partners. Information-sharing is necessary, but it also increases security risks. According to Chris Mayers, chief security architect at Citrix, the supply chain is the weakest link for many organizations.

In addition, businesses must perform due diligence when adding providers to supply chains. Still, many vulnerabilities remain. A recent U.K. survey showed that only 35% of IT security audits were “very comprehensive.” Also, half of these organizations experienced data breaches in the previous quarter. The CIO can work with IT to perform comprehensive security audits for every partner. Results should then be actioned appropriately.

The Security Mentor is an advisor, a leader, and an advocate. They work with all stakeholders: management, IT professionals, and customers. In this way, they can lead their organization past technology and security challenges.

Related Articles

Cloud | November 14, 2019 by Ryan Demelo

Protect the data and applications critical to your business.   Data has a significant impact on the way we do business, enabling innovation, defining how we engage our customers and expand our ability to generate revenue. With IDC forecasting that by 2025 the global data sphere will grow to 175 Billion Terabytes of information, businesses will need to be more strategic and efficient in the way they manage – and protect – their data.  The increase in global cyberattacks is a […]

Cloud | November 8, 2019 by Akshay Nikam

Cybercrime is happening all around us. If you haven’t been affected, it’s not a question of “if” but “when.” Organized crime syndicates or script kiddie hackers employ sophisticated tools to generate profit or cause reputational damage. Nation–state actors leverage hacking to further political or economic agendas. The threats we see today are not new, but the level of sophistication has reached new heights.   “The […]

Collaboration | September 9, 2019 by Greg Treanor

Want your business to stay competitive? Change the way you do business.