Zeki Turedi, Chief Technology Officer, EMEA, CrowdStrike, provides a to-do list that CTO’s should have at the top of their agenda to drive their businesses in the new normal.
CTOs have a critical role in business and should be at the heart of every enterprise. Now that every business is a technology business (and if you disagree, just try running any organisation without power or internet and then think again), when technology goes down, businesses stop working. Full stop.
But the components of the technology stack are complex and the CIO and CISO may compete to ensure that their priorities are met to keep the organisation compliant, safe and online. My conversations with fellow CTOs turn up several key themes that are always on the agenda.
Lean security – a key concern in the ransomware age
CTOs constantly talk about the need to ‘sweat their existing assets’ and work closely with strategic suppliers to prove ROI at every turn. They need to do this now, more than ever, during a different kind of pandemic – that of ransomware.
Ransomware has become the first and most successful weapon of choice for cybercriminals. Attacks of this type grew by somewhere in the order of 300% from the start of 2019 to the end of 2020, according to CrowdStrike intelligence data. So, CTOs must attend to their defences as ransomware steamrolls over industries, hitting organisation after organisation and making international news headlines as oil pipelines and healthcare systems, for example, fall victim.
CTOs also have new security requirements to prioritize, beyond the nuts and bolts of keeping the organisation secure and operational. Chiefly, matters like aligning with the NIST Cybersecurity Framework to establish KPIs and show what has been achieved to the board. Deciding which metrics will be meaningful to the board prove the case the CTO wants to make and really do help show how the organisation’s risk profile is being managed. But this is not an easy task.
One set of measurements that certainly helps the CTO keep and demonstrate control is the 1-10-60 rule: That is, that the organisation has one minute to detect, 10 minutes to investigate and 60 minutes to remediate a breach or cyberattack. It is a simple set of metrics that prove the CTO team’s ability and whether the organisation is defended against the average adversary who doesn’t move fast enough to beat these timings. If the IT or Security team cannot meet these targets, it makes a good case for the CTO to ask for the budget, team or technologies that will ensure higher levels of protection for the organisation.
Remote working
Remote working remains a challenging situation – even after the pandemic that forced many organisations to digitally transform in weeks and months. With changing personnel, devices and the evolving threats ranged against them, ensuring safe and productive remote working can be a problem for large organisations without the right infrastructure to support their IT teams.
Some of the key challenges that CTOs bring up revolve around defining acceptable behaviours and managing the working environment. It can seem a thankless and joyless task enforcing the right policies and usage of corporate technology and assets. It is crucial though. Time and again, the human is the weak link in security – and mostly through misjudgement rather than malice.
One of the phrases that we hear repeated is the ‘importance of protecting the new perimeter’. Clearly, for many formerly office-bound organisations, the network perimeter has thoroughly dissolved. The new perimeter that organisations now require still protects data and users everywhere, without introducing friction to the business. Users must be enabled to set up and work from wherever they are – because location now needs to be totally immaterial.
Consequently, this has led to an increased focus on the Zero Trust architecture and solutions to support it. This concept is an identity-centric and data-centric approach that focuses on data, people, devices, workloads and networks.
Under a zero-trust model, CTOs must enforce policy-based controls each time a user requests access to any resource. The network needs total visibility into all the users and devices across the corporate environment. Ideally, the CTO’s security team receives all information from reports and alerts, to improve detecting and responding to threats.
Finally, partly as an opportunity that can now be properly realized, but also as a necessity because of all the other new tasks discussed, automation has risen up the CTO agenda. These technologies work best when relieving humans of the heavy lifting involved in a lot of IT and security tasks, working through large volumes of repetitive data to spot anomalies and unusual patterns. This way, they can free-up the human security team to exercise their skills meaningfully. Leveraging the cloud and layering machine learning and AI tools on top is proving helpful for the CTO’s team in reacting quickly to threats and rapidly disregarding false positives. They also report being able to commit to strong SLAs around detection, investigation and remediation of threats, and better service their internal customers.
Faced with a tidal wave of very dangerous cyber-attacks, new standards to define and meet and a sea-change in working conditions, CTOs have their work cut-out for months ahead. Happily, the technological assistance those CTOs can now call upon to outsource and automate many tasks, with the maturation of cloud-native machine learning and big data analysis tools, means they nonetheless stand every chance of meeting their goals.