Active Defence: Safeguarding Crucial Capability while Boosting Functionality ...
Australian CIO Summit 2013 Interview with: Dr Tim Redhead, Director, DotSec
1. Interview with: Dr Tim Redhead,
Director, DotSec
A requirements-driven, architectural
approach will inevitably save money and
improve business capabilities in the long
run, according to Dr Tim Redhead,
Director, DotSec. This is especially true
of information security and cloud-
hosted solutions, he added, where
Chief Information Officers (CIOs) are
advised to also focus on out-performing
competitors by enabling the business to
do more, rather than focusing solely on
cutting costs.
DotSec is a sponsor company at the
marcus evans Australian CIO
Summit 2013 in the Gold Coast,
Queensland, Australia, 29 - 31 July.
Big data, information security and
cloud computing. How can CIOs
ensure they support each other?
These three issues are complex on their
own, and even more so together. If you
ask ten people what cloud computing is
you will probably receive ten different
answers. Similarly with big data. Start
by getting a clear understanding of what
you mean by “big data” and “cloud”,
before defining what your requirements
are in these spaces.
The “scale-out” capability of good cloud
platforms (and yes, there are bad ones)
makes it ideal for supporting big-data
strategies. And of course, if the data
(and derived information) has any
value, then the ongoing viability of any
cloud deployment is going to depend
on well-defined information security
r e q u i r e m e n t s a n d s u p p o r t i n g
infrastructure.
What level of awareness do CIOs
need to have of a cloud-hosted
environment?
A cloud-hosted environment is often
physically located outside the local
infrastructure of the organisation that
owns the assets. Even a private cloud
will probably be hosted in one or more
geographically remote data centre(s).
As a result, it is often more difficult to
know what is happening within the
cloud environment, and to react (or
better still, pre-empt) to a security
incident in a timely manner.
A summary report at the end of the day
or week is not sufficient; getting a
report post event and then trying to
backtrack what happened will not lead
to effective data management, and in
large or complex environments is
probably not possible anyhow.
CIOs need continual monitoring and
complete awareness, to immediately
and effectively react to anomalous or
threatening situations.
What areas should CIOs pay more
attention to?
Distributed systems are now becoming
the norm, so distributed computing
infrastructure and architecture are now
becoming more important than ever.
Identity management, asset or
information sharing, real time
awareness and event incident
management all add complexity, but
that is what the cloud is. This is pretty
tricky for some CIOs to understand, but
it is risky not to pay attention to all the
parts.
Information security is not just about
stopping bad things from happening; it
is also about enabling the business to
do things it could not do before. For
example, identity management
infrastructures allow new applications to
be developed without the need to
reinvent authentication and account
management. Even better, a well-
designed infrastructure allows various
divisions, partners and customers to
share information more easily and more
securely.
Similarly, a logging and reporting
infrastructure provides the capability for
real-time reporting, alerting and event
management. As widely distributed
computing environments become the
norm, it becomes critical that
organisations embed that capability as
part of the infrastructure.
There have been many public examples
over the past 24 months of companies
that have been unaware that they have
been breached, sometimes for years,
because they had no awareness as to
what was taking place in their
computing environments.
As much of the IT world moves towards
distributed, physically remote, 3rd-party
hosted environments, it is more
important than ever that those
environments include requirements-
based, infrastructural information
security services and processes.
CIOs need
continual
monitoring
and complete
awareness
Building Business Capability in a
Cloud-Hosted Environment
2. The Information Technology
Network - marcus evans
Summits deliver peer-to-peer
information on strategic matters,
p r o f e s s i o n a l t r e n d s a n d
breakthrough innovations.
Please note that the Summit is a
closed business event and the
number of participants strictly
limited.
About the Australian CIO Summit 2013
This unique forum will take place at the RACV Royal Pines Resort, Gold Coast,
Queensland, 29 - 31 July 2013. Offering much more than any conference, exhibition
or trade show, this exclusive meeting will bring together esteemed industry thought
leaders and solution providers to a highly focused and interactive networking event.
The Summit features presentations on IT process optimisation as well as insights on
how to pinpoint high-value innovations, prove value to stakeholders and turn
knowledge into profits.
www.australianciosummit.com
Contact
Sarin Kouyoumdjian-Gurunlian, Press Manager, marcus evans, Summits
Division
Tel: + 357 22 849 313
Email: press@marcusevanscy.com
For more information please send an email to info@marcusevanscy.com
All rights reserved. The above content may be republished or reproduced. Kindly
inform us by sending an email to press@marcusevanscy.com
About DotSec
DotSec is a professional, independent, Australian-owned information-security organisation. DotSec was established in 1999 and
has consistently delivered solutions to customers in the financial, legal, utilities, education, transport, insurance and government
sectors.
www.dotsec.com
About marcus evans Summits
marcus evans Summits are high level business forums for the world’s leading decision-makers to meet, learn and discuss
strategies and solutions. Held at exclusive locations around the world, these events provide attendees with a unique opportunity to
individually tailor their schedules of keynote presentations, case studies, roundtables and one-to-one business meetings.
For more information, please visit: www.marcusevans.com
To view the web version of this interview, please click here: www.australianciosummit.com/TimRedhead2