10 years ago, CIOs did not have a place of prominence at the C-Suite table. Today, that has changed in a major way as executives at every level across the enterprise are rethinking effective risk management solutions. In fact, there is such a need for leadership in this evolving role that the chief technology position has spawned many variations of itself, including CTO, CDO, CSO, CISO, etc. Technology, and securing corporate and customer assets in particular, is more important to the health and future of a business than ever before.
In the not so distant past, technology leaders were focused on preventing internal threats, filtering out creative ransomware and stopping IoT hacks. Although those and many other worries still keep the CSO up at night, another area of concern has emerged: who holds the keys to the castle. As security breaches mount to unsurpassed levels, it has become readily more apparent that authentication is one of the most important areas of security and one that requires additional focus, energy and resources.
While the CSO deals with his own pressures and projects, he is hearing continuous clamor within the organization to solve the mounting authentication issue – ultimately proving people are who they claim to be when accessing sensitive, private data. The idea of tethering individuals beyond a shadow of a doubt to their actions, either criminal or innocent, is gaining traction.
Compounding this is the fact that CSOs face a type of pressure that many of their peers don’t: a security breach is career-ending. Security concerns are everywhere, and the pressure isn’t just coming from above. Folks all around the business are worried – many of them about authentication – and are raising serious issues with the CSO. A tough gig for him, as he has to find a solution, and fast.
Here are some of the concerns the CSO must deal with and those business units that are most nervous about security:
- Heads of End User Services: This group is concerned about multiple points of access, BYOD policies, and end user security and requires approval on new deployments from the CSO.
- Leaders of Global Network Services: They need to be proactive on security, since end-users will ask and expect more from the companies they are doing business with and working for.
- Finance/Legal: With new regulations rolling out (like GDPR), issues around legal non-repudiation are top of mind among the finance and legal teams. Access management programs are critical to them and sometimes they must execute on their own, without working in conjunction with the CSO.
So, what’s a CSO to do as concerns trickle in from every level of the organization? They need to take action now, as insurance after the fact doesn't pay. The “wait and see” approach is dangerous: identity management following a major breach, such as an internal employee error or malicious attack, won't stand up as a solution to shareholders. Enterprises must innovate and evolve and cybersecurity is at the forefront of this.
- Simplify your infrastructure: Security is a layered approach and innovative new technical concepts and designs are disrupting and testing the strength of enterprise infrastructure. Be sure to base each essential layer of security on a solid infrastructure that is adaptable.
- Turn to hybrid cloud solutions (where data policy and regulation allows): Leading technology firms are benefitting from the simplicity and cost savings associated with cloud-based solutions to stay at the cutting edge of security.
- Keep communication channels open and ongoing: Work with your peers and be open to discussion. Security, while a value, shouldn't be something that advances in a silo: work together as a team.
- Make platform decisions: Specific platform decisions can be a challenge to manage, especially amidst rapid change. Be sure to seek platforms using open protocols. As an example, consider multi-factor identity access management systems that incorporate biometrics rather than simply relying on antiquated password verification.
An organization’s value is in their data, so protecting that data, as well as simplifying and securing access to your greatest asset, is key to a company’s longevity – and to keeping a CSO’s nightmares at bay.