BYOD? Mobile? Cloud? Security Leaders Tackle New IT Issues
Roberto Amaro | Tags: issues byod security mobile tackle cloud
Do I have the right team and skills? Am I doing enough? Am I focusing on the right things? These are the questions security leaders are grappling with in the age of Big Data, the cloud, sensors, mobile smart devices and social networking.
Meeting those challenges and the new threats they’re ushering in is dramatically reshaping and broadening the role of the chief information security officer. These days, a security officer’s duties merely begin with protecting the organization. Assessing and managing risk, pinpointing and taking advantage of new business opportunities, working closely with senior executives on enhancing the company’s brand and productivity are now all part of a security officer’s job description, marking the rise of today’s security leader.
IBM’s 2013 CISO Assessment, based on interviews with security leaders, identifies a set of practices and behaviors that can help security leaders tackle their expanding portfolio of responsibilities in this ever-more demanding environment. They are:
1. Business practices: As security has become higher profile, security executives are working more closely with the C-Suite. Navigating the different concerns of CEOs, CFOs, and COOs can be complicated. Each has different areas of focus, but the security leaders we spoke with identify the loss of brand reputation and customer trust as the biggest issue, on average, facing their companies. Breaches of customer data can significantly affect trust and business relationships, and recovery takes time. These effects are difficult to track and manage, but they are still very important.
Leaders who were surveyed underscored the need to focus on strategy, policies, risks, and business relations. A strategic vision, for instance, requires being able to assess a company’s different business risks and how adopting new technology will impact them. With that vision, leaders then build trust by communicating in a transparent, frequent and credible way.
2. Technology trends: Moving beyond the foundational: Our study found that foundational security technologies are still the focus of most security leaders. For instance, 51 percent peg enterprise identity and access management as the most important security technology for their organizations. And, despite lingering concerns about privacy and security, security leaders are moving ahead with mobile and using cloud services for security services.
Mobile, in particular, is top of mind for security leaders, with mobile security the number one most recently deployed security technology. But the challenge security leaders face is shifting their focus from mobile security technologies to policy and strategy. For instance, less than 40 percent of the folks we spoke with have crafted policies for managing BYOD — employees bringing their own smart devices to work. Still, security leaders say they will begin tackling this gap during the next year, with 39 percent planning to develop an overall enterprise BYOD strategy.
3. Measurement skills: According to our study, organizations are doing a solid job of using metrics for guiding budgets and tracking operational issues. For example, more than 90 percent said they track the number of security incidents as well as lost or stolen records, data or devices.
But too few are translating security metrics into the language of the business to help their organizations understand how security issues affect them. For instance, nearly two-thirds of respondents don’t translate metrics into financial outputs, and more than half don’t fully integrate security metrics with business risk metrics. This severely hampers a security leader’s ability to give the C-suite a clear picture of their company’s security and risk profile.
Every security officer is confronted with a rapidly shifting technology and threat landscape while also having to demonstrate business value. Right now, getting the job done means protecting the brand, implementing BYOD policies, and integrating business, risk and security metrics. In the future, security teams will have to tackle an entirely new set of challenges. But the emerging, versatile security leaders will be prepared because what fundamentally sets them apart is their focus on reassessing, adjusting, and improving their skills.
Kristin Lovejoy is General Manager of Security Services for IBM, which helps clients with security services worldwide. She has held a variety of executive positions in IBM and holds U.S. and EU patents for Object Oriented Risk Management Models and Methods. She resides in McLean, Va. with her husband and four children.