Digital Transformation And The CISO
As a chief information security officer (CISO), how do you build a cybersecurity practice that supports the digital transformation efforts of a company?
Before founding what is now my current company nearly four years ago, I spent most of my career in a practitioner’s chair as chief technology and security officer with a financial group and earlier as VP of corporate audit at an investment banking company. While these are stories for another day, my experiences there are what drove me to establish this company and to make the push toward risk-based vulnerability orchestration across applications and infrastructure. This shift in perspective means finding more effective ways to integrate security tools into the existing digital environment without impacting the speed of business.
It is important to remember that every company today, regardless of its model, is a software company. From surgical robotics to autonomous vehicles to beer distributors, all businesses are focused on bringing better products to the market at a faster rate, which translates into the need for a more robust software development life cycle (SDLC). And because the software these companies bring to market must support their business objective of maintaining ongoing customer and partner trust, the role of security is always in play. In this way, the digital transformation of any organization relies heavily on its cybersecurity practices, a process based on three basic pillars:
- Modernizing The Software Development Stack. Because these bundles of software are what comprise the back end — from the operating system to programming frameworks — and provide a layer for compatibility, they remain a critical piece of the digital transformation process.
- Moving To Microservices. An effective application programming interface (API) strategy involves improving the speed and quality of software development, which typically runs in a single process. By breaking them into smaller “micro” parts with independent functions, it becomes easier to implement and manage security.
- Using The Cloud. Finding an effective cloud strategy that merges traditional environments with the latest technologies is key to building resilient and security-rich solutions for business.
In the past, I have met with a number of CISOs to discuss strengthening cybersecurity across the SDLC, a conversation that inevitably brings up the subject of digital transformation and how it can be facilitated through proper support. Regardless of industry, these executive leaders tend to share three significant concerns:
- Achieving Visibility Across The Enterprise. Even though application security (AppSec) teams share a tight connection with security operations (SecOps) and vice versa, there is still a disconnect between the two. CISOs are continually trying to tackle this issue and gain a more holistic view of what’s happening in their environment. And with so many silos functioning at once, this can feel almost impossible.
- Driving Security In A World Of Continuous Delivery. To keep companies competitive in today’s digital market, IT teams are driven to deliver applications and capabilities at a breakneck pace. Realistically achieving this goal, while also ensuring effective security, is hampered by fragmented tools and processes.
- Aligning Security With Business Priorities. As companies move through the process of digital transformation, certain critical systems and services will remain at the forefront of the challenge. Finding ways to align with these priorities while also maintaining effective security practices is no easy feat.
When it comes to battling these concerns, there is no silver bullet for success. If there were, you wouldn’t be reading this article. That said, there are several places CISOs can look when trying to support the digital transformation initiatives of a company, all of which share a common thread.
This article originally appeared on fobes.com To read the full article and see the images, click here.
Nastel Technologies uses machine learning to detect anomalies, behavior and sentiment, accelerate decisions, satisfy customers, innovate continuously. To answer business-centric questions and provide actionable guidance for decision-makers, Nastel’s AutoPilot® for Analytics fuses:
- Advanced predictive anomaly detection, Bayesian Classification and other machine learning algorithms
- Raw information handling and analytics speed
- End-to-end business transaction tracking that spans technologies, tiers, and organizations
- Intuitive, easy-to-use data visualizations and dashboards
Nastel Technologies is the global leader in Integration Infrastructure Management (i2M). It helps companies achieve flawless delivery of digital services powered by integration infrastructure by delivering tools for Middleware Management, Monitoring, Tracking, and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate, to answer business-centric questions, and provide actionable guidance for decision-makers. It is particularly focused on IBM MQ, Apache Kafka, Solace, TIBCO EMS, ACE/IIB and also supports RabbitMQ, ActiveMQ, Blockchain, IOT, DataPower, MFT, IBM Cloud Pak for Integration and many more.
The Nastel i2M Platform provides:
- Secure self-service configuration management with auditing for governance & compliance
- Message management for Application Development, Test, & Support
- Real-time performance monitoring, alerting, and remediation
- Business transaction tracking and IT message tracing
- AIOps and APM
- Automation for CI/CD DevOps
- Analytics for root cause analysis & Management Information (MI)
- Integration with ITSM/SIEM solutions including ServiceNow, Splunk, & AppDynamics