Resurrecting CHAOS (Controlling Havoc and Overhauling Security) for Today’s CIOs

Resurrecting CHAOS for Today’s CIOs and CISOs

While at CloudExpo, London last week I had the chance to chat to RedHat’s Richard Morell. He suggested that I resurrect CHAOS (Controlling Havoc and Overhauling Security) Theory from a couple of years ago as the message is still holds very true.

The term ‘chaos theory’ first came about in the 1980s as a way to ascribe order to a seemingly random set of events. And, in today’s landscape of stark contrasts between business opportunities and impending risk, CIOs and CISOs have to drive collaboration and controlled acceleration: That is where CHAOS Theory comes into play: enabling both a new order and the opportunity for CIOs and CISOs to be part of the strategic business agenda.

Most CISOs cannot state with confidence that their organization’s information assets are secure. The general processes and even toolsets in place today are not standing up to the way that we do business or the attacks we’ve seen in the last few years, so why do we assume they will be good enough for the future? Mobility and BYOD are just the beginning of the next wave of infrastructure security challenges. We need to be concerned beyond just users having left IT’s security control and focus on thee data in often unsanctioned apps. that follows these users into the public cloud. We most often think about insider threats as malicious, but these cases that most often make headlines are just the tip of the iceberg.

Well intentioned employees may be a bigger risk still as with the blurring of social and work it’s so easy to accidentally overshare sensitive enterprise data. And, if we thought it was bad enough when cyber thieves steal our data what havoc will they wreak in the Internet of Things era when they change it?

The goal with the CHAOS Theory is really to funnel user demand in a way that is far more ordered and less chaotic than today. There isn’t a single proposal or program that applies universally to all organizations but following is where you might start:

  • Rather than fight loss at the endpoint and an evaporated enterprise perimeter, instead focus on contextual identity-based controls such as location, time, what type of data, and/or threat vector to determine what resources users and devices can connect to.
  • Leverage cloud threat data feeds to make more accurate risk predictions based on an aggregate view of threats seen around the world.
  • Utilize big data-processing facilities such as HADOOP and OLAP (online analytical processing) to identify potential data breaches, data leakages and system compromise so that defensive controls can be adapted or updated in real time.

And, for CISOs looking to demonstrate the value of their teams and work to Executive and strategic business holders, consider the following:

  • Implement a metrics analysis platform to enable the CIO and CISO to act as the central point of governance and thus better quantify and qualify
  • Establish an executive forum for reviewing compliance with key business stakeholders

By Evelyn de Souza

Peter Tsai

Infrastructure-as-a-Service Security Responsibilities

Infrastructure-as-a-Service Updated: 11.19.2020 What is IaaS? Infrastructure as a Service (IaaS) allows you to rent computing resources from a third party that you then access through the web. You essentially outsource having to set up ...
Mike Johnson

Data Transmission Travel Plans – From The Ground Up

Don’t Forget Networking The term “cloud” was first used by the telecomm industry in early schematics of the Internet to identify the various, non-specific uses data was put to at the end of their cables ...
Digitizing Contact Center to Reduce Call Volume by 30% and Improve NPS

Digitizing Contact Center to Reduce Call Volume by 30% and Improve NPS

Digitizing Contact Center With a Net Promoter Score (NPS) average of 24, telecom holds the lowest industry average according to the NPS Benchmarks Report. Operational inefficiencies in contact centers play a major role in the low ...
Kamal Maggon

Mining Business Value – Accelerating a US Company’s Cloud Transformation

Mining Business Value Traditional industries like mining have been slow to adapt to changing IP technology.  Of course, coal and other mining types have adopted new technologies starting with mechanical drills powered by pistons, then ...
Space

The Space Race Is Heating Up

The Space Race Is Heating Up For years the Space Race was the domain of countries and the national space programs. Namely Russia and America with China and India joining the game more recently. The ...
Gary Taylor

5 Reasons Why Virtual Desktop Infrastructure Will Go Mainstream Post 2020

Virtual Desktop Infrastructure Growth Virtual Desktop Infrastructure (VDI) technology enables remote users to access their desktop from anywhere using an internet connection. This technology has been around for a couple of decades but never received ...