RSA CTO: It’s Time To Concentrate On Business-Driven Security

Understanding the business implications of potential security breaches and attacks is vital in today’s digital environment, according to RSA’s chief technology officer (CTO) Zulfikar Ramzan.

Kicking off the keynote sessions at RSA Conference 2017 in San Francisco yesterday, Ramzan spoke about the relationship between cyber security and business objectives in a world where chaos reigns supreme.

“Today’s security professionals must draw connections between security details and business objectives,” he said, stressing the importance of adopting a business-driven approach because “security isn’t just a technology problem, it’s a business problem.”

Business focus

Referring to something he called “the gap of grief”, Ramzan highlighted how the inability to draw connections between security details and business metrics will hold companies back when it comes to addressing the “complex cyber security issues” of the future.

“Any ambitious enterprise is truly a joint venture between business and security,” he said. “Executives don’t care if an incident involves SQL injection or cross-site scripting, they just want to understand the business implications.”

Dell founder and CEO Michael Dell – who made a surprise appearance during the keynote – agreed. CEOs are “talking about the business risks” of digital transformation, he said, attempting to embrace the opportunities of a digital future while at the same time keeping their environments secure.

For any organisation looking to build such a strategy, Ramzan offered three suggestions. First: “Treat risk as a science, not a dark art.” Through processes such as scenario analysis, businesses should think things through all the way to the end, always asking the question ‘what if?’ and being sure to use a “consistent and rigorous methodology”.

The second step is to “simplify what you control”, i.e. consolidate and integrate vendors so that you don’t end up with a disparate mix of platforms and services. “Don’t adopt a ‘no vendor left behind’ policy,” Ramzan said. “Double down on vendors who work well and ditch everyone else.”

And finally, “plan for the chaos you cannot control” by implementing an incident response plan that follows the ABCs: Availability, i.e. only leveraging the resources you actually have; Budget, making sure you are able to account for unexpected costs; and Collaboration, as the likes of IT, finance, legal and sales “all play critical roles during an incident and must work together”.

“These steps ultimately let you tame chaos,” said Ramzan, and in a world where vehicles are being hacked and device flaws are being leveraged by cyber criminals seemingly every day, chaos is never far away.

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.
