Given the CISO’s stock has risen to new heights during the crisis of COVID-19 and its effects on the global world order, it stands to reason they need a new arsenal of technologies and tools to adapt to a new landscape. Or does it? Mansi Thapar, Head of Information Security, Jaquar Group; Dan Bowden, VP & CISO, Sentara Healthcare; Brian Brackenborough, CISO, Channel 4; Matthew Foley, Director of the EMEA Solution Architect Team, AMD; and Gavin Stubbs, CIO, Clockwise Offices, questions the dogma that new challenges need new solutions, in this debate filmed at The Studio @ Home 2020.
“It’s been an unprecedented time for us in healthcare, in the US,” reported Dan Bowden. “We changed our model to adapt to the current state of affairs, converting to telehealth-only work for at least two months in non-urgent, non-COVID-19 related cases. That really stressed our digital and security capabilities.”
Sentara Heath treated around 300 patients on its digital platform in February. After the pandemic was formally announced in early March, the platform had to cater for 60,000 the next month. That almost unbelievable percentage growth month on month also came at a time when Sentara’s workforce had to shift to remote work. Bowden and his team had to build upon strategies and tools already in place.
“We looked hard at the controls we had to manage remote access effectively,” he said. “We already had two-factor authentication, authorization and privileged access management across all endpoints, so our main objective was to review and test our capabilities so we would be comfortable with remote working in the medium to long term.”
Across the pond, British broadcaster Channel 4 had similar challenges. Leading up to the pandemic, the rota of plans in place had to be paused in light of crisis circumstances—all except the security teams’, much to the pleasant surprise of its CISO, Brian Brackenborough.
“I suggested to my manager to pause and return to these projects when we get back to a BAU model, but he assured me that senior executives were behind the security team and now more than ever we needed to pull forward with these plans. I was impressed,” said Brackenborough.
The media CISO also added how remote working provided a time and space to work harder, with less interruptions. It isn’t just about what technologies one has, it’s also about how you maximize the context one finds oneself in, he reminded the table.
Competition and collaboration
AMD’s technology leader took this opportunity to comment on the competition emerging as a result of the pandemic. The semiconductor creator also inbuilds security features within a number of its products that exposes upwards in operating systems and devices; it has seen a strong uptick in interest and competition in these features, and is cognizant of the fact CISOs ought to be opportunistic about what they can get and how much they pay.
The remaining speakers, Mansi Thapar and Gavin Stubbs, both discussed their relative viewpoints on the state of security and their plans to keep momentum. Their priorities haven’t changed, they both stated, but “the urgency at which my plans are being consumed”, said Stubbs, and “the additional budgets we received”, revealed Thapar, proves that boardrooms are keen to see innovation stem from their security departments.
In short, the security function has not transformed as had been widely reported, but has been given the financial and personal backing of its executive team to pursue the projects, technologies and solutions they had already earmarked. It seems that tomorrow’s CISO will be making use of the blueprints laid out by their predecessors far earlier than anyone thought possible.