The convergence of network and security means CISOs are now firmly in the spotlight, becoming the new chief trust officer for their organisations. Tris Morgan, director of global advisory at BT, shares his views.
Right now, many businesses are at different stages of their digital transformation journey but, ultimately, one of their main goals remains the same – to have a flexible and secure infrastructure that will support the growth and transformation of the business.
And, while historically, network and IT security have always existed as silos, many organisations are now adopting new technologies from Edge to cloud, which are bringing the convergence of network and security closer than ever before.
CISOs are therefore having to cement their leadership and planting their feet firmly in the role of chief trust officer – driving organisational change to ensure security is always at the heart of the business strategy. This is increasingly important as security is now a key differentiator for consumers who increasingly look for partners and solutions that instil confidence.
Traditional models are changing
The rapid shift to working from anywhere and acceleration in digital business initiatives brought on by new working models, has shaken traditional business strategies and caused many organisations to review their approach for the better and drive positive change.
But, while we’re seeing network and security departments working more closely together, more collaboration is still needed as some advances are still only seen through the lens of the network. In our experience of delivering network and security services it quickly became clear that, although some products start life in our networking division, they need security built in.
For example, many companies still see SD-WAN purely as an opportunity to reduce network costs, and while their network teams are usually aware it will increase their organisation’s attack surface, what’s not taken into consideration is how much visibility and control is lost for the security department.
This is where some traditional structures still remain, which hold back progress. Coupled with organisational silos, skills gaps and existing investments – which will need to be readdressed to help network and security converge even further. Organisations need to start making sure security is inherent in every business-related decision.
Converging the physical and digital world
It’s now even more important to look at physical and cyber security in parallel as more devices are being introduced into the operational side of an organisation and connected to the network, creating a larger attack surface to secure.
The CISO is no longer just being confined to the digital world, with their role evolving to take on a string of new devices, like control access systems, automated vehicles and even drones, all vulnerable to outside interference and attack. They have to look at the events from the physical and cyber world together, so that even activity such as internal door alarms alerting against intruders or monitoring door access to restricted areas are seen alongside activity on the network.
CISOs need to take charge over the trust of both the physical and digital world and expanding their responsibilities across the entire business.
CISOs are increasingly in the spotlight
As the CISO’s role changes, they’re taking on a newfound importance in their organisation and becoming the face of trust – driving strategies forward and enabling the business.
So, they’ll need to make sure the organisation is sufficiently protected from every angle and customer data is always secure, to instil the necessary confidence and trust that ensures long term success and custom. Last year 58% of executives said improving data and network security had become even more important for their organisation.
Plus, there’s an opportunity to do more, as 66% also said there needed to be an increased budget for security, increasing the focus on the CISO even more.
Even though expectations are higher than ever, it’s providing the CISO with an exciting opportunity to drive change, as we’re now seeing many companies making sure security is increasingly at the heart of their digital transformation and cloud adoption programs.
So, how will the role of the CISO evolve?
Introducing the new chief trust officer
The CISO is becoming the face of trust for their organisation, stepping into a newly-evolved role as the chief trust officer and taking charge of their organisation’s compliance, governance, data privacy and company-wide cyber risk management.