Resurrecting CHAOS (Controlling Havoc and Overhauling Security) for Today’s CIOs

Resurrecting CHAOS for Today’s CIOs and CISOs

While at CloudExpo, London last week I had the chance to chat to RedHat’s Richard Morell. He suggested that I resurrect CHAOS (Controlling Havoc and Overhauling Security) Theory from a couple of years ago as the message is still holds very true.

The term ‘chaos theory’ first came about in the 1980s as a way to ascribe order to a seemingly random set of events. And, in today’s landscape of stark contrasts between business opportunities and impending risk, CIOs and CISOs have to drive collaboration and controlled acceleration: That is where CHAOS Theory comes into play: enabling both a new order and the opportunity for CIOs and CISOs to be part of the strategic business agenda.

Most CISOs cannot state with confidence that their organization’s information assets are secure. The general processes and even toolsets in place today are not standing up to the way that we do business or the attacks we’ve seen in the last few years, so why do we assume they will be good enough for the future? Mobility and BYOD are just the beginning of the next wave of infrastructure security challenges. We need to be concerned beyond just users having left IT’s security control and focus on thee data in often unsanctioned apps. that follows these users into the public cloud. We most often think about insider threats as malicious, but these cases that most often make headlines are just the tip of the iceberg.

Well intentioned employees may be a bigger risk still as with the blurring of social and work it’s so easy to accidentally overshare sensitive enterprise data. And, if we thought it was bad enough when cyber thieves steal our data what havoc will they wreak in the Internet of Things era when they change it?

The goal with the CHAOS Theory is really to funnel user demand in a way that is far more ordered and less chaotic than today. There isn’t a single proposal or program that applies universally to all organizations but following is where you might start:

  • Rather than fight loss at the endpoint and an evaporated enterprise perimeter, instead focus on contextual identity-based controls such as location, time, what type of data, and/or threat vector to determine what resources users and devices can connect to.
  • Leverage cloud threat data feeds to make more accurate risk predictions based on an aggregate view of threats seen around the world.
  • Utilize big data-processing facilities such as HADOOP and OLAP (online analytical processing) to identify potential data breaches, data leakages and system compromise so that defensive controls can be adapted or updated in real time.

And, for CISOs looking to demonstrate the value of their teams and work to Executive and strategic business holders, consider the following:

  • Implement a metrics analysis platform to enable the CIO and CISO to act as the central point of governance and thus better quantify and qualify
  • Establish an executive forum for reviewing compliance with key business stakeholders

By Evelyn de Souza

Johan

Why the digital infrastructure is a matter of national interest!

Digital Infrastructure National Interest When the Internet was born, it promised a form of democracy and guarantee that everybody could be part and setup their company to contribute and make the Internet better. Today - ...
Garry Connolly

Data Policy is Fundamental for Trust

Data Policy Trust Consumers once owned and protected their data independent of anyone else. Handwritten letters, paper bank statements, medical records locked up in a doctor’s office were once the norm. The online era of ...
Ajay

Deep learning to avoid real time computation

Avoid real time computation “The underlying physical laws necessary for the mathematical theory of a large part of physics and the whole of chemistry are thus completely known, and the difficulty is only that the ...
Ian Hayes

EasyShip – Shipping and delivering across the cloud

The Shipping Industry  Article branded by Easyship Shipping and delivering across the world is as hectic as it sounds, and it can get really chaotic for online businesses to keep track, especially if they sell ...
Back G Cloud

Five Reasons Why There’s A Digital Stampede To The Cloud

The Digital Stampede As the transfer of digital assets to the cloud gathers momentum, we examine the fundamental reasons why it’s happening Many organizations have been contemplating moving some or all their assets to the ...
Bruce Guptill

As The Digital Workplace Strengthens, Traditional Business Thinking Must Die

The Digital Workplace The cloud-driven, digital workplace is enabling better ways of working, new ways of doing business, and entirely new business opportunities. It is also breaking down traditional boundaries and barriers within and between ...