June 5, 2019
For companies involved in digital transformation, the security
leader (CISO) must stay involved to make sure data security is considered. To
this end, the CISO must manage and direct the operations departments, such as IT,
Marketing, and Sales, that are spearheading this transformation. To model the
solution, it would be best to first break down the two types of operations the
ISO must manage.
How CISOs Manage Technical
The first is technical operations consisting of IT,
programming, networking, etc. A positive of these departments is that by their
nature they understand technology and its challenges. A negative is that they’re
as overwhelmed and understaffed as you are! The most successful approach is to
educate them on the types of security capabilities you have at their disposal.
One technique is to get a list of all their current projects and related
sub-projects. Then, provide a framework of the possible cybersecurity risks to
mitigate. Also list what current or acquired tools are needed to do so.
Despite their technical bent, most ISOs have found that
keeping this process simple and straightforward works best. A good tactic is to
note for each project line item if one of the following is at risk: data in motion,
data at rest, and data in use. This modeling approach is straightforward, easy
to understand, and direct. It also provides a schema to label what associated
DLP resources you have or will need to assure data security compliance.
How CISOs Manage Business
The second is business operations. These departments are typically
detached from the technical know-how. Their focus, and rightly so, is on demand
generation for revenue. After all, without revenue, no one gets paid! The
approach with the most synergy to business operations is one of complementary
Make sure that the solutions you have previously reviewed
with technical operations will have little or no adverse effects on the digital
transformation timetable. The Data Loss Prevention applications you select should have a low
provisioning and implementation overhead in time and personnel. Rather than
detracting from the digital transformation initiatives, these data security
solutions will assure a smooth roll-out and rapid acceptance.
By considering the objectives and needs of technical and
business operations, security officers can become a vital contributor and subject
matter expert for digital transformation. The CISO can make sure that data
security is fully considered for protecting data at rest and data in motion.