Security: The Never-ending Battle In A Ciso's Life
Enterprise IT World|April 2019
Security: The Never-ending Battle In A Ciso's Life

Security has become the most important aspect of an organization. From leading to a drastic financial loss, to spiralling the business down to the tunnel of customer/client mistrust, Security breaches have destroyed many successful businesses. This demands a constant reworking of the Security Framework by the CISO to stay a step ahead of the hackers.

Pooja Jain

In 2006 when Clive Humby coined the phrase, ‘Data is the new oil’, he couldn’t possibly have imagined the turn Security would take in the second decade of the twenty first century. From being the by-product of business, Data has gone on to become the cornerstone of an organization.

With the evolution of Internet, there has been a substantial shift in not just the idea of a business, but also the way business is undertaken. So much so, that it has simultaneously allowed the emergence of a village in Romania, notoriously called Hackerville.


Businesses in 2019 are fundamentally dependent on the Data that they collect and collate through their operations. Customer information, employee details, internal business formulas, there is no end to the confidential information that the business needs to keep secure. This information if leaked, will not only lead to the loss of personal and professional data, huge financial risks, but can also potentially wreak havoc on the market reputation of the brand. How many of us would dare to get into a business relationship with a company that has had its security breached in the past?

Yes, Technology has been incredibly conducive to the modern marketplace. It has revolutionized all industries beyond recognition. But it has also led to a very real, exponential increase in the risks faced by a business. It has fallen on to the CISOs to protect the organization from the same Technology that has allowed it to thrive in the enterprise market.


The fact that makes Technology hard to keep up with, is that it evolves at a rate faster than the human understanding. So, by the time the CISOs wrap their heads around a potential security threat, and begin planning protection against it, the hackers are well on their way to breaching the barriers through a more evolved technology.

This means that the CISOs are stuck in a loop and can never really achieve absolute security. It will always be subject to technological advancement. The CISO’s struggle then is not just to stay updated and constantly vigilant, but also to ensure the flow of funds for making this vigilance practically possible.

Budgetary Concerns

Due to the impossibility of tracing the performance of the Security department in quantifiable parameters, it becomes impossible for the CISO to present a convincing case to the Finance department.

Add to this, the fact that Security as a business operation does not productively contribute to the company’s ROI. It fundamentally works on hypothetical grounds. Its success is not measured in terms of the revenue that it has generated or how useful the security department has proven to be by streamlining the operations of other departments.

As the CISOs and their teams are not directly responsible for generating income for their organizations, they tend to lose their fair share of the budget to other departments that bring in quantifiable profits.

Addressing this complexity Rick Howard, CSO, Palo Alto Networks, says, “The core objective of the CSO/CISO is to prevent material impact to the organization. You can’t define that in terms of ROI because protecting the enterprise isn’t going to bring in any money. Rather, I would advise CSO/CISOs to calculate and present the potential cost of a hypothetical breach if leadership fails to properly invest in security. Everything from business disruption and loss of customers to consequential legal fees and remediation can rack up the bill more quickly than leadership may realize.”

The Security framework then works by negation. Its success is marked by an absence of a substantial data breach. Substantial because, security threats cannot be absolutely eradicated or protected against. There will be bumps along the road, and that’s how you know that the Security Framework has proved to be a success. It contains the road bumps and prevents them from turning into a full-blown wreckage.


You can read up to 3 premium stories before you subscribe to Magzter GOLD

Log in, if you are already a subscriber


Get unlimited access to thousands of curated premium stories, newspapers and 5,000+ magazines


April 2019