A live poll of the CSOs (including representatives from many of the UK’s leading enterprises) revealed that CSOs view social networking as the most overhyped threat above other possible threats such as data leakage, targeted and non-targeted attacks, internal fraud and active economic warfare.
70% of those polled consider centralising data with a cloud computing solution as an opportunity, while 30% view it as a risk.
The lively discussion on cloud computing concluded that there was an urgent need for a common set of industry standards to enable companies to evaluate and compare alternative cloud providers. The consensus was that there’s an unstoppable move towards cloud computing, and that the industry needs to focus on developing Best Practices on how to choose and deploy cloud computing solutions.
Ban on social networking
On the subject of social networking, discussions indicated a strong preference for companies to ban social networking sites (with the notable exception of LinkedIn, which most companies consider acceptable). 75% of companies – a number largely unchanged since last year’s poll – revealed that their organisations had chosen to ban social networking, recognising that this was due to its impact on productivity as much as on security.
The overwhelming majority recognised that banning company use of these tools risked alienating younger members of the workforce who could be tempted to resort to their own mobile devices, and most delegates advocated more education of enterprise users to help them understand how to use social networking tools in a responsible manner.
Another area of heated debate centered on the role of the IT professional five years from now. About 35% of the CSOs claimed that their roles already include technical, legal, managerial, political and communications elements, while 22% still view their roles as predominantly technical.
The discussions on this subject touched on the reduction in the number of internal IT staff required by organisations due to the move to cloud computing infrastructures, and the migration of the majority of the remaining roles from internal support roles towards managing large data centre infrastructures (either for cloud vendors or for large corporate users).
Ever-changing nature of the challenge
Qualys chairman and CEO (and founder of the CSO Interchange) Philippe Courtot summed up the event by statin: “The discussions and views aired at these events always reinforce my view of the immense and ever-changing nature of the challenges facing today’s CSOs. It’s no longer sufficient to be technologically astute. In the future, CSOs will also need to display a variety of skills ranging from that of the technician to the communicator and even the evangelist.”
Howard Schmidt (former White House advisor) and Courtot founded the CSO Interchange in 2004 to provide a forum for chief security officers in corporations, government agencies and other organisations to exchange ideas, discuss challenges and learn from the real-world experiences of their peers.
The event is organised by Security Vibes, a private online community focused at senior security practitioners which provides an independent forum to discuss a wide variety of security issues that affect their organisations and reveal their top-of-mind concerns through interactive surveys.
The concept started in the US in 2004, and there have been five successful events there including one this year at RSA in San Francisco. The recent CSO Interchange in London was organised by Security Vibes and sponsored by Qualys with the participation of KPMG and I4, the International Information and Integrity Institute.
