Journey through Enterprise IT Services
In Journey through Enterprise IT Services, Nadhan, HP Distinguished Technologist, explores the IT Services industry, and discusses technology trends in simplified terms.

Board level security concerns need proactive risk management

Data security is now the main boardroom concern in corporate America when it comes to legal considerations, reports Antony Savvas in his ComputerworldUK article, "US boardrooms wake up to data security." This position is based on a survey of 11,000 public company directors and 2000 general counsels, who rank data security as their top corporate fear. "We would better get security right," says HP Security Strategist Mary Ann Mezzapelle in her keynote at the recently held Open Group Conference at Newport Beach, CA. Mezzapelle asserts that proactive risk management is the approach that most effectively combats the rising concerns across various dimensions of security. But how proactive can enterprises be?


Mezzapelle challenges us with a few questions that should trigger the appropriate remedial steps to address vulnerabilities:

 

  • Where are your business users creating “shadow IT,” and have you assessed the exposure?
  • Where is your data, who owns it and how important is it to the business?
  • How much do you understand the security tools, processes and procedures from your cloud service provider?
  • Have you been taking an end-to-end perspective on security across cloud, mobility and various architectural layers?

These questions can be difficult to answer if enterprises do not have the right levels of governance in place with effective monitoring mechanisms. The questions trigger enterprises to proactively take steps to streamline the business of IT in a controlled manner.

 

On the other hand, Art Gilliland, Senior Vice President, and General Manager, HP Software Enterprise Security Products, would assert that the very frameworks enterprises strive to comply with (such as ISO and PCI) set a low bar for security that adversaries capitalize on. Criminal minds take the "proactive approach" to the next level. Gilliland explains this very well in his keynote preview at the RSA conference.

 

So, what are other steps that enterprises can take to be proactive in assessing, gauging and penetrating the mind of the hacker?

  • How about the inception of OODA techniques into the security hacker's mind?
  • Andy Ellis discusses managing risk with psychology instead of brute force in his keynote at the RSA Conference.
  • At the same conference, in another keynote, world-renowned game designer and inventor of SuperBetter, Jane McGonigal, suggests that applying the "collective intelligence" that gaming generates can combat security concerns.
  • Gilliland himself suggests techniques such as Benchmarking for enterprises to share their experience in managing risk.

One might wonder if we need to go to such extremes to address the security concerns. Well, whether enterprises do it or not, their adversaries do. The art is in being proactive enough to be a step ahead of the adversaries.

 

You think twice before going to executive leadership with the statement of a concern. You are expected to identify the issue, find the quickest path to resolution and keep the executive leadership informed of the actions taken.

 

Proactive risk management is vital to address board-level security concerns.

 

How about you? How proactive is your enterprise today? What are some of the other approaches enterprises can take to be more proactive? Please let me know.

 


 
