Watch HotTopics.ht Editor Peter Stojanovic moderate a debate between CISOs of Telefonica, Oregon University, Sentara Healthcare and more.
With Peter Stojanovic moderating, the speakers of this roundtable debate include:
- Clare Ward, Transformation, Security and Aviation Specialist
- Joe Voje, CISO, Oregon Health and Science University
- Dan Bowden, VP & CISO, Sentara Healthcare
- Alejandro Becerra, Group CISO, Telefonica
- Jim Shook, Director of Cybersecurity and Compliance Practice, Dell Technologies
Security in a crisis
“It’s been an unprecedented time for us in healthcare, in the US,” reported Dan Bowden. “We changed our model to adapt to the current state of affairs, converting to telehealth-only work for at least two months in non-urgent, non-COVID-19 related cases. That really stressed our digital and security capabilities.
“We looked hard at the controls we had to manage remote access effectively,” he continued. “We already had two-factor authentication, authorisation and privileged access management across all endpoints, so our main objective was to review and test our capabilities so we would be comfortable with remote working in the medium to long term.”
Sentara Healthcare had to work through these issues in a cloud environment it now shared with a far higher proportion of businesses than before, all because of the pandemic. It was an additional layer of tension. “We suddenly knew what cloud server disruption was like and we had to reconcile that downtime with the business needs, with executive management…”
Another healthcare provider, Oregon Health and Science University, had also expanded its digital and telehealth services well before the crisis, and benefited from the robust, mature security program it had put in place alongside them. What surprised its security lead, Joe Voje, was cultural.
“We saw far more willingness across the organisation to cooperate with us,” said Voje, “and my aim is to maintain that level into day-to-day operations. The second thing I noticed is that we were far more comfortable with accepting more risk. I think it was because we knew we were directly saving people’s lives with our decisions.”
Head start for early adopters
From Telefonica’s perspective, even though it does not form part of a pandemic’s first line of defence like a healthcare provider, its infrastructure is vital to the everyday running of society. According to its CISO, it “had no downtime”, and much of that can be attributed to the global business already being incredibly digitised.
“Almost every part of the business has experience with remote working,” explained Alejandro Becerra, “which made any cultural transition to mass remote working all that much easier. Of course, this year presented some specific challenges but we had a head start, if you like.”
The question CISOs should be asking themselves, then, is: what next? This year has undoubtedly shown businesses that they can move at speed when pushed, and that their CISOs are well equipped to match that pace. Claire Ward has much experience in the currently beleaguered aviation sector and put some of these considerations to the group.
“‘What can you do with fewer people?’” she began, “‘How will you do things differently? Can you collaborate more, can you buy in [new technologies] instead of DIY, can you do more with less?’ These are some of the big questions CISOs are getting and the answers won’t be simple.”