Top Global Security Officers Reveal Strategies for Driving Business Advantage in an Economic Crisis

February 10, 2009

New report from RSA, The Security Division of EMC provides CSO/CISO roadmap for creating new efficiencies without sacrificing business value

BEDFORD, Mass., Feb. 10 /PRNewswire/ — RSA, The Security Division of EMC (NYSE: EMC), today released, in conjunction with the Security for Business Innovation Council, the results of their third report, “Driving Fast and Forward: Managing Information Security for Strategic Advantage in a Tough Economy.” In this report, top security leaders from around the globe examine the information security challenges created by the current economic crisis, and offer concrete strategies for achieving more with less in 2009.

“In a tough economy, it’s tempting for enterprises to rein in business innovation,” said RSA President Art Coviello. “However, strategic initiatives that enable revenue growth and operational transformation are more critical than ever. Security practitioners can help business leaders safely pursue the most lucrative business opportunities by understanding the risk picture and identifying the right trade-offs. At the same time, security teams must find ways to squeeze the most out of every dollar. For example, EMC’s Chief Security Officer and council member Roland Cloutier recently freed 25% of EMC’s monitoring and response operational resources and achieved a four-fold improvement in alert performance by consolidating device, application and technology monitoring into a centralized SIEM solution.”

The 2009 CSO/CISO Agenda – New Security Efficiencies, Better Business Advantage

While the economy is in a downturn, the demands on security programs are escalating. Budgetary and staffing pressures coupled with heightened regulatory requirements, escalating threats and high senior leadership expectations continue to drive up the business stakes on security. In this climate, security teams are facing hard decisions about where to invest their time, money and efforts.

“Creating efficiencies and driving business advantage can seem like conflicting objectives, but they don’t need to be,” said Dave Cullinane, Vice President and Chief Information Security Officer of eBay Marketplaces. “Especially in this current economic environment, it’s more important than ever to make sure you have the right expertise on your team to make good risk/reward decisions, which will ultimately ensure you invest in the right things.”

Released today, “Driving Fast and Forward: Managing Information Security for Strategic Advantage in a Tough Economy” provides five timely recommendations for managing security programs for business success in 2009:

  1. Prioritize Based on Risk/Reward: The Security for Business Innovation Council members call on security professionals to sharpen their ability to make tough judgment calls based on risk.
  2. Have the Right Mix of People on Your Team: In lean times, all security team members must have “the right stuff.” They should be able to partner with business owners, offer alternative solutions and speak to issues beyond security. In this report, Council members offer detailed advice for managing human resources, using consultants and extending teams through decentralization.
  3. Build Repeatable Processes: In most organizations, there are many opportunities to rationalize processes and achieve economies of scale. Council members recommend that security leaders improve efficiencies by applying traditional operational metrics to their security programs. They recommend working to embed security into core business processes to increase organizational productivity and drive down standalone security costs.
  4. Create an Optimal Shared Cost Strategy: Costs for security are often shared between the centralized security organization and the various business units and departments that need to protect information assets. While the formula varies from one enterprise to the next, Council members offer insight on how to ensure spending matches objectives and needs.
  5. Automate and Outsource Wisely: Using technology to automate manual processes and outsourcing some security functions may provide significant efficiencies and cost reductions, but it’s important to plan and manage these efforts carefully to maximize benefits. Council members share guidance on how to proceed for optimum business impact.

About the Security for Business Innovation Council

The Security for Business Innovation Council is comprised of 10 highly-successful Global 1000 security executives who are committed to sharing their own insights and experiences to help move information security forward at organizations worldwide. Council members include: Anish Bhimani, Managing Director, Risk and Security Management, JP Morgan Chase; Bill Boni, Corporate Vice President, Information Security and Protection, Motorola; Roland Cloutier, Vice President, CSO, EMC Corporation; Dave Cullinane, Vice President and CISO, eBay Marketplaces; Dr. Paul Dorey, former Vice President, Digital Security and Chief Information Security Officer, BP and Director, CSO Confidential; Renee Guttmann, Vice President, Information Security & Privacy Officer, Time Warner; David Kent, Vice President, Security, Genzyme; Dr. Claudia Natanson, CISO, Diageo; Craig Shumard, CISO, Cigna Corporation; and Andreas Wuchner, Head IT Risk Management, Security & Compliance, Novartis.

RSA-produced Security for Business Innovation Council reports are based on in-depth, one-on-one interviews with all Council members. The first report in the series offered a set of recommendations for making information security more strategic to business innovation. The second report provided a blueprint for making risk/reward calculations. RSA expects to release more original Council reports over the coming months. Those interested in learning more about the Security for Business Innovation Council reports can visit the RSA Thought Leadership website at http://www.RSA.com/securityforinnovation/ to view and download all of the studies.

About RSA

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world’s leading organizations succeed by solving their most complex and sensitive security challenges. RSA’s information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle – no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

RSA is a registered trademark of RSA Security Inc. in the U.S. and/or other countries. EMC is a registered trademark of EMC Corporation. All other trade names and trademarks are the property of their respective holders.

SOURCE EMC Corporation

Source: newswire

comments powered by Disqus