The security executive’s role in America continues to gain strength and visibility. Whether in the public or private sector, the intelligence community, academia or a critical infrastructure installation, “securing the business operation” is paramount.
Macro trends like globalization and technology cycles have spawned outsourcing and global supply chains. This wider playing field and “the Internet of everything” deployment strategy has also accelerated threats to the business via intellectual property theft, piracy, product fraud, personal information and identity theft, and many others. As security risk has increased, new megatrends around cloud computing and cybersecurity have emerged. For the first time security policy and protections can be implemented at the front end of the business cycle. The cloud model also represents the only option for some fast growth sectors requiring protection, such as intelligent end points or the cell phone. The device is incapable of constant security downloads (hardware), and the onus on the individual for security is misplaced. The cloud is the only option, unless we choose to sacrifice our mobility. Thanks to recent news cycles, we now understand that these compute devices are vulnerable. Welcome to Cybersecurity 3.0.
Simultaneously, commercial off the shelf (COTS) technologies continue to consumerize the IT deployment strategy. This has a significant impact on the chief information officer (CIO). As more solutions are outsourced, the budget and visibility of the CIO in the organization can begin to wane. What is the CIO to do? Collaborate or make a play for more security responsibility? This means that security professionals had better understand where the technology trends are heading and how they impact security policy. This could be the golden age of the security executive, but corporate politics (and the CIO) will not die easily. It is ironic that the platform that springboards the security executive into the future will be cloud-based, one that up to now traditional security has ignored.
Consider the concept of situational intelligence. It allows organizations to monitor, react, and — in a perfect world — anticipate events. One of the foundational technologies of situational intelligence is the visualization of geospatial and real time data. The perfect example being your Garmin-type directional navigator. This is the ultimate cloud-based and outsourced application. The future involves the physical security executive deploying more cloud-based applications supporting COTS technologies.
Cloud models enable predictive behavioral analysis (anomalies in human behavior). It takes massive data sets to accurately predict behavior. This actually runs counter intuitive to common sense. In this case, the bigger the data sets, the easier it is to classify “normal” behavior and then focus on the unusual. Jeff Jonas, IBM storage guru and famous creator of predictive analysis software, has been promoting the advantages of “big data sets” for years. The cloud finally makes this an affordable reality. The cloud will be the platform to outsource numerous security (and IT) functions in the future.
Security will always be about investigations and apprehensions. The process will be more digital, streamlined and enhanced through the ability to utilize real time situational intelligence in a utility type of “pay as you investigate” model. I believe that the leaders in merging technology with security policy will be benchmarks for the industry. One example can be found in our nation’s war on terrorism, and increased collaboration with the international law enforcement community. I expect the NYPD to leverage both the cloud model, as data sets grow in complexity, and cybersecurity, as that threat vector evolves. Chief Raymond Kelly hired CIA veteran, David Cohen, as his deputy commissioner of intelligence. NYPD also has cybersecurity officers on staff.
Some organizations will foster CIO / CSO collaboration, others will stall. Smart security professionals will leverage the cloud / COTS model to save money and improve business operations. Security executives will deploy innovative new strategies to protect the global operations of the business. This increased visibility will provide additional career opportunity. The era of the CSO (CISO) as CEO has arrived. Understanding these political shifts is critical for security vendors and integrators alike. Security is going big time and that means politics.