Cybersecurity leader takes a risk-based approach to cloud management
Virtualization is catalyzing dramatic transformations throughout tech and demanding rapid adaptation of most enterprise processes. The rapid shifts caused by cloud migrations, mass data, and “internet of things” edge computing are creating challenges for many organizations, particularly in the unstable new world of cybersecurity. As some businesses are struggling to establish secure foundations while retaining cloud’s flexibility, others are leaning in to virtualization — risks and all — as a means toward securing future-proofed security solutions.
“What IoT does is, gives you edge visibility that you never had before,” said Edna Conway (pictured), chief security officer of global value chain at Cisco Systems Inc. “The question is whether folks have deployed their IoT in a way that included the security community. You should have security at the table.”
Conway recently spoke with Jeff Frick (@JeffFrick), co-host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the RSA conference in San Francisco, California. A tenacious advocate of designing new infrastructures from a perspective of plasticity and protection, Conway is at the forefront of Cisco’s IoT security revolution.
This week, theCUBE spotlights Edna Conway in our Women in Tech feature.
Simplifying secure architectures
A recent security report found that 97 percent of organizations are not prepared to guard against fifth-generation cybersecurity threats. While many enterprises anticipate security improvements when moving assets to the cloud, nearly all are left vulnerable to bad actors when met with the tangible challenge of defending their expanding virtual environments.
It’s these supply chain threats that Conway and her team at Cisco are working to prevent through a comprehensive approach to infrastructure, as well as key leveraging of tools in the virtual space. Despite the challenges they present, these new variable components in the value chain can actually provide a “hook in” to a more holistic strategy, according to Conway.
“We’ve been thinking about … a way to define a simple high-level architecture … that allows you to identify what your core goals are, and then allows those third-party ecosystem members to join you … in a way that works for their business,” she said.
Integrating security into new infrastructure from the outset can enable orgs to fully leverage the benefits IoT has to offer. “I see [IoT] as a positive, but it needs to be informed by things like AI … [and] machine learning, and there need to be gates … where the information is managed at the network,” Conway stated.
Fortifying trust in the digital economy
Few enterprises need to be convinced of the potential that IoT holds. Most are racing to explore the digital space, but high-profile security controversies like those surrounding Uber Technologies Inc. and Facebook reveal the lack of reliable parameters in place to protect sensitive data. To maximize new technologies and stay secure, Conway advises modeling with a risk-based approach that predetermines partnership boundaries and takes into account future threats.
“The currency of the digital economy is trust. In order to build trust you need to understand the risks that you’re taking. … That risk-based approach says you’re … partnering at a core solution level,” she said.
Conway is a staunch proponent of this collaborative, risk-based take on digital security, and the approach drives much of her work at Cisco. The value-chain strategy she uses internally and offers to Cisco clients is founded on a philosophy of retaining flexibility, as well as maintaining a steady pace of deployment to avoid perfection as an enemy to progress. Conway has written extensively on the topics of cybersecurity and in 2016 led an initiative that challenged Cisco teams to teach a cybersafety course to elementary school students.
“I think we need to get to the point where security speaks the language of business,” she said.
The future of cybersecurity
With years of experience in the space, Conway is constantly using her expertise to leverage new tools in an ever-expanding digital arsenal. Most recently, she has turned her attention to the security potential in blockchain. With the ability to track data through networks, blockchain becomes a highly effective digital ledger, or “passport for the data,” according to Conway.
“A chain of custody of your data and your actions across the full spectrum of a lifecycle adds a degree of integrity we’ve never had the ability to do easily before,” she said.
Further complicating Conway’s mission is the challenge of translating intangible security imperatives to C-suite executives and board members removed from the work of navigating virtualization. She accomplishes this need by setting tolerance levels based on predetermined goals and agreements with partners.
With her flair for collaboration, Conway’s system for safety reporting is in keeping with her commitment to streamlining clarity throughout cybersecurity. “You can translate that risk of tolerance into … currency. … Now you’re speaking the language of business,” she concluded.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of The RSA Conference:
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.