Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Partner Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Apac

  • Agile

    Artificial Intelligence

    Augmented Reality

    Big Data

    Blockchain

    Cloud

    Cyber Security

    DevOps

    Digital Technology

    Enterprise Security

    HPC

    Internet of Things

    IT Services

    Mobility

    Networking

    Open Source

    POS

    QA and Testing

    Robotics

    SaaS Solutions

    Security

    Simulation

    Smart City

    Startup

    Storage

    Unified Communication

    Virtualization

    Web Development

  • Automotive

    Aviation and Aerospace

    Banking

    Compliance

    Construction

    Contact Center

    E-Commerce

    Education

    Energy

    Engineering

    Field Service

    FinTech

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Telecom

    Travel and Hospitality

    Utilities

  • Amazon

    CISCO

    Dynamics 365

    Google

    HP

    IBM

    Intel

    Microsoft

    Microsoft Azure

    Oracle

    Red Hat

    Salesforce

    SAP

    Share Point

    VMware

  • Business Intelligence

    Business Process Management

    CEM

    Collaboration

    Corporate Finance

    CRM

    Data Center

    Disaster Recovery

    Document Management Systems

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Performance Management

    ERP

    Fleet Management

    Gamification

    Geographical Information System

    HR Technology

    IT Service Management

    Managed Services

    Payments

    PLM

    Procurement

    Project Management

    Risk Management

    Sales and Marketing

    Workflow

Menu
    • Amazon
    • Augmented Reality
    • Blockchain
    • CISCO
    • DevOps
    • Enterprise Asset Management
    • Startup
    • ERP
    • Field Service
    • Gamification
    • IoT
    • IT Services
    • Metals and Mining
    • Microsoft Azure
    • Project Management
    • Robotics
    • Smart City
    • Sports
    • Travel and Hospitality
    More
    Field Service Gamification IoT IT Services Metals and Mining Microsoft Azure Project Management Robotics Smart City Sports Travel and Hospitality
    ×

    Subscribe to our Newsletter

    news
    news

    Join our mailing list for the latest articles, news, and exclusive insights from prominent technology leaders

    loading
    SUBSCRIBE

    Thank You for subscribing with us. We sent you an email regarding this.

    news

    • Home
    • Compliance
    Editor's Pick (1 - 4 of 8)
    left
    Security and Compliance-focused IT Approach-key for Business Success

    Daniel Hughes, CIO, Elementis Global

    Essentials for a Compliant Environment

    Seevali Fernando, Group CIO, Hoya Corporation

    Welcoming Big Data Technology amidst Changes

    Darren Cockrel, CIO, Coyote Logistics

    Leveraging Compliance to Your Advantage

    Mark Bloom, Global CIO, Aegon

    Demystifying the Role of IT in Millennial Organizations

    Jeff Fithian, VP, Strategic Initiatives and CIO, Dynamic Materials Corporation

    Lessons Learned from a CIO

    John Miller, Vice President and CIO, American Textile Company

    How GDPR can open opportunities for APAC businesses

    Royce Teoh, Head of Digital Solutions, ASEAN, Oracle Asia-Pacific

    Keeping Pace with Technology

    Jenny Fung, Chief Compliance Officer, ABN AMRO Bank N.V

    right

    Productivity and Security- Can you ever have both?

    By Julie Cullivan, SVP, Business Operations & CIO, Fireeye

    Tweet
    content-image

    Julie Cullivan, SVP, Business Operations & CIO, Fireeye

    Risk. It’s a four-letter word in more ways than one. Fear of risk makes us wait, put things on hold, and potentially cost us something: an opportunity, a competitive edge or an account.

    Sometimes it’s not only worth it to take a risk, it’s necessary. Businesses may need to change the way they do business, and that change may require a certain amount of risk.

    What many companies don’t believe is that it’s possible to do both—be productive and maintain security.

    Enterprise Risk Management

    The cyber security world is fraught with risk. And while we like to feel secure the fact is, breaches are inevitable. There is no question a security breach can happen to even the most prepared organisation, thanks to savvy, sophisticated threat actors. We develop a new way to protect ourselves and before it’s even in place, some hacker is ahead of the curve with a way to sneak past it. So if you can’t guarantee a breach won’t happen, the best you can hope for is to lessen your exposure to risk. Enterprise risk management is the best way to approach that.

    There are three fairly straightforward steps to managing risk:

    1. Measure

    2. Discuss

    3. Negotiate

    1. Measure: Your first task is to accurately measure your level of vulnerability. Just how much risk are you willing to accept? Zero risk is probably not an option for most of us. Just having a computer or a mobile device means there’s a potential for a breach. So first determine how risky it is, and then decide whether a new way of doing business is worth that risk. Say you’re considering whether to allow your employees to use a cloud application to store and share files. Is the need for them to share instantly more important than the risk of opening your network up to possible malware-infected documents?

    2. Discuss: It’s important to have buy-in from people across the company. A working team composed of cross-functional representation can do a lot of the legwork on the front end to assess the risk and how it will impact the company’s productivity. A decision to roll out a new HR system may impact finance, or may mean sales people on the road now need mobile access. This team can address the concerns and calculate the risk involved in implementing the new capabilities. Regular meetings are key here, because businesses, and their needs, change–but so does the threat landscape.

    A Security Breach Can Happen To Even The Most Prepared Organisation, Thanks To Savvy, Sophisticated Threat Actors

    Input from various stakeholders ensures you’ve thought of everything before taking an idea to the top-level decision makers.

    3. Negotiate: Consider creating an executive security steering committee. During regular meetings, this team should be updated on where the company currently is security-wise, and discuss security concerns that need to be addressed at the executive level. Sometimes you’re faced with a higher level of risk than you’re used to, and you may get push back from folks who are unwilling to take that leap of faith. If your working team has already discussed the pros and cons and concluded that it’s worth the risk, your executive team has the input they need from across the company to make an informed decision. This team should meet quarterly but may be needed in the meantime if a security need arises. Above all, it is key that this team understand that security is not simply an IT concern–it is an enterprise concern with company-wide implications.

    “The right combination of technology, intelligence and expertise can go a long way to protect your company’s network while keeping your company’s doors open for business”

    Lock the Doors

    While it may sound dramatic, an organisation needs to secure the perimeter before anything else. How secure are your firewalls? When is the last time you updated your anti-virus protection? Regardless of your answer, you probably aren’t doing enough to keep your company secure. Cyber attacks easily bypass traditional signature-based tools, which means you need a security platform that not only works to prevent a breach, but also detects possible attacks and helps you analyze and if necessary, responds.

    The Cloud and mobile devices are hot targets for hackers looking for a way in. The last thing you need is for an employee to potentially bring something into your environment by plugging in their mobile device into your secure network. The bad guys may already be targeting you from outside–don’t make their job easier by having one of your own inadvertently being the malware messenger. Does that mean you shouldn’t adopt a BYOD mentality? Not necessarily. Mobile access is the key to many business needs and can help your employees stay productive. It simply means you need to make sure you’re as protected as possible.

    And if your system gets compromised, you’ll need tools to respond and contain the breach and mitigate loss. These types of tools take time to implement, and your working committee and executive steering committee should discuss these as soon as possible to they’re prepared for the worst. The right combination of technology, intelligence, and expertise can go a long way to managing a compromised network and keeping your company’s doors open.

    Decisions

    Business needs change over time. When you’ve got to decide whether how to meet your changing needs, the decision ultimately comes down to a tradeoff between productivity and security. Things to keep in mind at this stage are the potential business impact, the impact on productivity, whether it will help drive the business or deliver service to a customer. These factors must be taken into account when determining whether to undertake a move that may carry additional risk.

    Other concerns: How important is this change to the company? Is it impeding the business’ operations to keep the status quo? Will this change open your company up to potential data leakage or privacy concerns?

    The bottom line is: you can have a balance between productivity and security. Keeping your company (and your customers) secure cannot mean total lockdown, because no one can do their work. Find a level of risk you’re comfortable with, take the necessary steps to protect yourself as best you can, and have a plan in place to contain a breach in the event it happens. And know that you’ve done everything you can to eliminate one four-letter word from your vocabulary, or at least, to tame it.

    Read Also

    Security and Compliance-focused IT Approach-key for Business Success

    Security and Compliance-focused IT Approach-key for Business Success
    Essentials for a Compliant Environment

    Essentials for a Compliant Environment
    Welcoming Big Data Technology amidst Changes

    Welcoming Big Data Technology amidst Changes
    Leveraging Compliance to Your Advantage

    Leveraging Compliance to Your Advantage
    Top 25 Compliance Solution Providers - 2018

    Top 25 Compliance Solution Providers - 2018

     Top 25 Compliance Solution Providers - 2017

    Top 25 Compliance Solution Providers - 2017

     25 Most Promising Compliance Solution Providers

    25 Most Promising Compliance Solution Providers

    Featured Vendors

    MasterSAM

    Sanjeev Dhar, MD

    entity solutions

    Matthew Franceschini, CEO & Co-founder

    Compliance Special

    Copyright © 2018 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://compliance.apacciooutlook.com/ciospeaks/productivity-and-security-can-you-ever-have-both-nwid-765.html