
RSA CTO: It’s Time To Concentrate On Business-Driven Security

Understanding the business implications of potential security breaches and attacks is vital in today’s digital environment, according to RSA’s chief technology officer (CTO) Zulfikar Ramzan.

Kicking off the keynote sessions at RSA Conference 2017 in San Francisco yesterday, Ramzan spoke about the relationship between cyber security and business objectives in a world where chaos reigns supreme.

“Today’s security professionals must draw connections between security details and business objectives,” he said, stressing the importance of adopting a business-driven approach because “security isn’t just a technology problem, it’s a business problem.”

Business focus

Referring to something he called “the gap of grief”, Ramzan highlighted how the inability to draw connections between security details and business metrics will hold companies back when it comes to addressing the “complex cyber security issues” of the future.

“Any ambitious enterprise is truly a joint venture between business and security,” he said. “Executives don’t care if an incident involves SQL injection or cross-site scripting, they just want to understand the business implications.”

Dell founder and CEO Michael Dell – who made a surprise appearance during the keynote – agreed. CEOs are “talking about the business risks” of digital transformation, he said, attempting to embrace the opportunities of a digital future while at the same time keeping their environments secure.

For any organisation looking to build such a strategy, Ramzan offered three suggestions. First: “Treat risk as a science, not a dark art.” Through processes such as scenario analysis, businesses should think things through all the way to the end, always asking the question ‘what if?’ and being sure to use a “consistent and rigorous methodology”.

The second step is to “simplify what you control”, i.e. consolidate and integrate vendors so that you don’t end up with a disparate mix of platforms and services. “Don’t adopt a ‘no vendor left behind’ policy,” Ramzan said. “Double down on vendors who work well and ditch everyone else.”

And finally, “plan for the chaos you cannot control” by implementing an incident response plan that follows the ABCs: Availability, i.e. only leveraging the resources available; Budget, making sure you are able to account for unexpected costs; Collaboration, as the likes of IT, finance, legal and sales “all play critical roles during an incident and must work together”.

“These steps ultimately let you tame chaos,” said Ramzan, and in a world where vehicles are being hacked and device flaws are being leveraged by cyber criminals seemingly every day, chaos is never far away.


Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.
