Transforming the CSO Roleto Business Enabler

Amrit Williams, CTO, CloudPassage

CEOs Focus

• Growth & market share

• Profit & the bottom line

• Operational efficiencies

• Business agility & competitive advantage

• Looking awesome on CNBC & being referenced on the front page of the WSJ

CSOs FocusProtecting the business while dealing with:

• Increasingly hostile threat environmento Financially motivated & well-organizedo Nation-state sponsoredo Advanced, sophisticated & targeted

• Rapidly evolving infrastructureo Data-center transformation (SDDC, private cloud)o Public / private cloud hybrido Mobile devices

• Dizzying array of exciting compliance initiatives

And…never being referenced on the front page of the WSJ!

Rapidly Evolving Infrastructure & Technology

IT enterprise architecture circa 2006

IT enterprise architecture circa today

IT enterprise architecture circa 2000

Too Often, The CSO Has Been Positioned as “Dr. No”

NO!

Can I use my own

smart phone to access

corp. resources?

Can we run our BU’s

workloads on AWS?

Can you approve

the use of this SaaS

application?

So How Do You Become a Business Enabler?

Tip #1: Commit to Change• Tell people that you’re committed

• Paint a vision for the future & develop a roadmap for change

• Engage the business units & understand their needs

• Rally the troops and continue to show progress towards reaching business objectives

Tip #2: Speak in the Language of the Business• Translate “security speak” to business value

• Stay away from the technical details

• Become a story teller; use simple language

• Relate what your team is doing to meet business objectives

• Preventing data loss/breaches can be investments in:

o Innovation

o Enhancing the bottom line

Tip #3: Embrace Shadow IT• Support the business drivers: speed, agility• Invest in technology that empowers business, but gives

visibility, protection across cloud infrastructure• Implement a security playbook; then publish it to the business:

o Policieso Procedureso Technology

Tip #4: Leverage Analytics

• Use data to make your case

• Present analytics in clear, simple language

• Agree on small set of KPIs to measure progress

Tip #5: Invest in Agile Security… • Agile security is…

o Portable (works anywhere)o Scalable (on-demand)o Automatedo Orchestratedo Service-orientedo Flexible, metered licensing

• A flexibly defined set of automated, orchestrated security controls that work anywhere, at any scale, on-demand

…That Addresses Six Critical Control Objectives

Immediate, consistent, continuous knowledge of what assets exist, where they reside, & what they’re doing.

Visibility Strong, layered controls enabling authorized access & denial of resources to unauthorized entities.

Strong Access Control

Continuous detection & elimination of issues that create exploitable points of weakness.

Vulnerability Management

Assurance that critical data is encrypted & used appropriately by authorized entities while in motion or at rest.

Data Protection

Capabilities that enable detection & response to malicious or accidental compromise of resources.

Compromise Management

Day-to-day management of technologies & processes that comprise security & compliance.

Operational Automation

Want to Learn More?

awilliams@cloudpassage.com

www.cloudpassage.com