What do CIOs worry about when they consider security?

  • Developing a threat vulnerability plan can help alleviate worry.

  • As organizations move to use more cloud services and third party suppliers, security concerns can seem to expand.

  • Today's disaster recovery plans need to address how to respond to information breaches.

I recently wrote a blog titled “6 key issues that keep CIOs up at night” To follow up, I am going into more detail about the areas of concern identified in that first article and will focus on security this time.

Security is part of a larger set of issues that make up corporate risk. With the technology changes under way and the increase in hacking, who can blame CIOs for being concerned? Risks seem to get bigger and bigger.

Security is keeping individuals up at night because people don’t react to reality; instead they react to their perceptions of reality. To address this, you need to put together a plan to understand more about the threats.

You may even want to get an outside perspective, since, as Mark Twain said: “It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so.”

Once you begin to understand the threats and prepare your response, you also need to have system governance and processes in place to maintain and raise your level of understanding.

As organizations move to use more cloud (leveraged) services, security concerns can seem to expand. You now have third parties performing some of the functions that used to be done internally. It can seem that you’re giving up control, so you’ll need to vet your suppliers. There should be a legal contract in place, and since these suppliers specialize in the services they are providing, your security should actually go up.

Granted, corporate information will be going outside the walls of the organization, and that can be scary. Keep in mind, though, many security breaches actually have an internal element to them. Understand how you, as well as your suppliers, train personnel, since everyone probably is carrying personal devices.

Fear of security is always excessive until it is not enough. It is a matter of when not if there will be security issues. Understanding how quickly you can respond is important as well.

We’ve always had disaster recovery plans, but now they need to expand to address responding to an information breach. Hackers only need to be lucky once. You need to be lucky (and prepared) every time. To paraphrase a famous saying: “Those who do not secure their environment are condemned to recover what they can of it!”

For more information on how AT&T can help with your enterprise’s security, visit AT&T Network Security.

Charlie Bess is an independent IT Consultant. He is the author of this blog and all opinions are his own. AT&T has sponsored this blog post.


Charlie Bess IT Consultant Sponsored Post About Charlie