While at CloudExpo, London last week I had the chance to chat to RedHat’s Richard Morell. He suggested that I resurrect CHAOS (Controlling Havoc and Overhauling Security) Theory from a couple of years ago as the message is still holds very true.
The term ‘chaos theory’ first came about in the 1980s as a way to ascribe order to a seemingly random set of events. And, in today’s landscape of stark contrasts between business opportunities and impending risk, CIOs and CISOs have to drive collaboration and controlled acceleration: That is where CHAOS Theory comes into play: enabling both a new order and the opportunity for CIOs and CISOs to be part of the strategic business agenda.
Most CISOs cannot state with confidence that their organization’s information assets are secure. The general processes and even toolsets in place today are not standing up to the way that we do business or the attacks we’ve seen in the last few years, so why do we assume they will be good enough for the future? Mobility and BYOD are just the beginning of the next wave of infrastructure security challenges. We need to be concerned beyond just users having left IT’s security control and focus on thee data in often unsanctioned apps. that follows these users into the public cloud. We most often think about insider threats as malicious, but these cases that most often make headlines are just the tip of the iceberg.
Well intentioned employees may be a bigger risk still as with the blurring of social and work it’s so easy to accidentally overshare sensitive enterprise data. And, if we thought it was bad enough when cyber thieves steal our data what havoc will they wreak in the Internet of Things era when they change it?
The goal with the CHAOS Theory is really to funnel user demand in a way that is far more ordered and less chaotic than today. There isn’t a single proposal or program that applies universally to all organizations but following is where you might start:
And, for CISOs looking to demonstrate the value of their teams and work to Executive and strategic business holders, consider the following:
By Evelyn de Souza