It may not be a word that most CISOs use to describe their jobs, but the proclamation of Cisco Systems chief information security officer Steve Martino (read CSO Australia’s interview) that “it’s sexy to be a security person today” resonated strongly with the themes of this year’s Cisco Live! conference in Melbourne.
CISOs have “a unique vantage point,” Martino explained during an address at the conference’s Security Innovation Day. “We work with all the IT systems, and work with the lines of business that are making choice, and we see the choices and risks the company is making as well as anybody – and probably better than most of them.”
“Our old skills are still valuable and important,” he continued. “But I think these new skills – about driving the business, being a strategic advisor, being able to drive the board and to lead the company and protect the shareholders – those are going to be indispensable in the future. It’s our time to adapt and thrive in security.”
Security was a key theme throughout the event, which attracted 6250 visitors for four days of technical training, certifications, educational sessions and technology demonstrations. The annual event also attracts senior Cisco talent from around the world, who converged to catch up with customers’ latest experiences and challenges.
One of the most enthusiastic was Jeff Samuels, who as global vice president of Cisco security marketing fills his days with customer conversations and determinations about how Cisco’s rapidly expanding security portfolio can help solve their problems.
Ongoing demand for security skills had led to a “probably negative” unemployment rate in security positions as businesses pivoted to become more dynamic, engaging, and responsive, Samuels explained during a customer panel session at the event.
“When you look at the surface area of what is happening to businesses and what we need to protect, the data is staggering,” he said. “And in one respect it is exciting – because whether you’re part of the security environment or not, every part of our infrastructure has that foundation of security.”
Integrated security was a key theme of the conference, where Cisco was spruiking tolls such as its Advanced Malware Protection (AMP) and Umbrella – the new moniker for the OpenDNS portfolio that it acquired last year. Such tools are being designed to source data and feed new policies across Cisco’s product range, resolving a lack of integration that has often proved problematic for businesses that, according to the newly released Cisco Annual Cybersecurity Report (ACR) 2017, are often installing up to 50 different security point products.
“The idea that they’re putting this together in a way that is not working together is problematic,” Samuels said. “Being integrated by invoice is not an effective security posture. We are building an architectural approach to how security works together, and it is working in terms of how customers are engaging with us. Those customers are getting more secure – which at the end of the day is most important to us.”
One such customer is the Sydney-based College of Law, whose network of branch offices administer a range of postgraduate training and industry certification programs for legal practitioners around Australia, New Zealand, and Malaysia.
The College of Law has recently worked through an extensive digitisation strategy that has seen it shift many key systems to cloud-based equivalents such as the Canvas learning management system and WebEx for remote delivery of learning materials. A number of key systems were kept on-premises – specifically, IT director Jennifer Walbank told conference attendees, “the things that the cloud cannot do with the performance or flexibility or the cost that I like.”
The organisation was previously using “6 or 7” different security products, but Walbank – noting that ransomware in particular had become “a massive impact on our resources” – ultimately shifted to an integrated Cisco approach to simplify and extend the organisation’s data protection framework across both on-premises and cloud-based applications.
“When we went to look at security, we wanted to holistically look at security overall and not just in a way that’s project-based,” she explained. “I did like the end-to-end approach.”
This included the deployment of AMP, Umbrella, the Cisco Collaboration, and a range of related services that have provided a broad security platform to suit the company’s new architecture. Working with Cisco partner Outcomex, College of Law’s security overhaul also included tight quarantining of improperly-secured email servers, and adjustment of the organisation’s backup strategy to offer 2-hourly recovery windows for faster recovery in the event of a ransomware attack.
“We had no visibility into our network until we brought this onboard, and we just couldn’t keep up” with regular malware infections, said Walbank, who noted that new college facilities in Kuala Lumpur and Adelaide had highlighted the need for flexibility in application delivery. “At one point it got so bad that we had to throw a hard drive away – strip it down, put it on the floor, and hit it with a hammer. But we haven’t had an outbreak since we put in the Cisco tools.”
Delivering a consistent and secure user experience to Malaysia had been “a real challenge not just from the security perspective but from the network perspective,” she explained. “This is another reason for [putting systems into] the cloud: you’re not having to reinvent the wheel every time.”
That, in a nutshell, is the message that Samuels and the other Cisco executives at the event kept alive throughout its hundreds of sessions.
“Focusing on security as being holistic is the right way of doing it,” Samuels said. “You’ve got to always try to be ahead, and you have to do it as a layer – on all your IT, and everything you’re doing.”
“Instead of customers asking ‘are we secure?’ we are trying to get them to ask ‘is our security posture effective?’ It’s a fundamental shift in thinking, and people are at different stages of understanding that. We just need to make sure we’re talking the language that customers want to engage in. It’s pretty exciting.”