Q&A: Distributed Computing and the Evolving CISO with Susan Mauldin of Equifax

By

Enterprise adoption of big data and cloud infrastructure is presenting new challenges for Chief Information Security Officers (CISOs). I recently sat down with Susan Mauldin, CISO, Equifax, to get her thoughts about the evolving role of the CISO, perhaps into that of Chief Information Risk Officer, and how to secure the cloud.

PRAT: How has the role of the CISO changed over the last few years?
SUSAN: It certainly has become more challenging. The role of the CISO, I would say, is similar to a military role. In fact, we see this in the military and various government agencies where they actually talk about cyber warfare now. We’re seeing an evolution in the role, where the CISO is becoming more of a risk manager for the company, and in fact some companies are actually creating a role called the chief information risk officer. It’s a natural evolution for a CISO to go into that role, as it has historically been a very technical role, but it’s now becoming more of a risk manager role for the company.

PRAT: Cloud is a great way to bring more agility to an enterprise. More applications are being moved to the cloud, but there’s also been a big scare about security and compliance. How do you view cloud and security? Are they at odds with each other or do they help each other?
SUSAN: Five years ago, I would’ve answered you by saying that as a security professional, I would be adamantly against cloud. Today, I would say that cloud is definitely the way of the future. We used to say there was a tsunami coming and it was the cloud, but now we say that wave is here. It’s cresting and we really have to figure out how to use the cloud in a secure manner. We need to find a way to enable our business to use cloud services.

PRAT: It’s been said that enterprises have too many entry and exit points to reliably secure them all. Does cloud have the same number of exit and entry points?
SUSAN: One school of thought says that when you put corporate assets into a cloud, it is more secure because you know exactly what you have there. You have an exact inventory, you know exactly who has access to that data and how that's controlled. For some enterprises that might be very attractive. I think for other enterprises that have a very, very good handle on all their assets internally — a locked-down network with very few entry and exit points — they will have more cultural resistance to going toward a cloud solution.

PRAT: Inherently, is there anything about the cloud that makes it insecure?
SUSAN: Cloud solutions are third-party solutions, which means they're not something I have full management of. So things like physical security, network security and so forth that I would normally check would have to be satisfactory for me in a cloud provider, but I would want another level of controls over the data itself. I would want encryption of data at rest and in motion, in use and in transfer. And I would also want tokenization or obfuscation of that data. Along with assurances from my third-party cloud provider, I would want to know it manages privileged users properly and that physical security is done well. Those are the kind of things that I would look for to give me assurances.

PRAT: If you look at the CISO community, do they share this view of cloud security?
SUSAN: I would say at least half the CISOs that I know share that view. I would say more CISOs are becoming more comfortable with cloud because there are controls available to us today that weren’t there years ago: encryption, obfuscation, the ability to audit and so forth. Companies are also insisting that CISOs become more comfortable with the idea of cloud. Given enough time, we can secure anything and find a way to say yes to it. Business-driven CISOs are of that mindset.

PRAT: We hear of big data and security coming together now. What does it mean and why does it make sense?
SUSAN: Security has always been part of big data. In the early days of security, it was really nothing more than network monitoring before security really became its own profession. Even then, network analysts were analyzing packets, looking at firewall logs and proxy traffic. That was the big data of the time. Information comes from every device on the network. Everything is IP-addressable. We’re always looking for the anomaly that says something’s not quite right. In my environment, our big data challenge is how to sort through all that data quickly and in a manner that fits what we are looking for. 

PRAT: What’s your message to fellow CISOs and big data practitioners out there?
SUSAN: Big data in the cloud is not something to be feared — it’s a new horizon. For companies that have cultural aversions to that [adapting to the cloud], I think that it’s really up to the security team to make that difference, to help enable the business so that they have the assurance to do business in the cloud and in a secure manner. I think security has a very prominent role to play. 




Edited by Ken Briodagh