CSOs need to keep evolving, CA security exec says

CA executive urges CSOs at RSA Conference to strategize and make themselves heard

1 2 Page 2
Page 2 of 2

Now the company's HR system is being used as a single authoritative record of employee status and information, which streamlines processes by allowing IT to work with HR to ensure accuracy of data.

With greater provisioning efficiency and automation, MasterCard is in a stronger position to ensure compliance – an important consideration in the highly regulated financial services sector.

Customer satisfaction has increased dramatically. The identity management team is getting rave reviews from all levels of management – new employees are able to be productive from day one. And that's a big plus.

This project worked because MasterCard's Compas understood the responsibilities of a security leader within the organization. He understood that his job was to get people to rethink how the company managed identities.

"For this project to succeed," he said, "it was just as much about the business process change as it was about the technology. This project required a tremendous focus on education and explaining the reasons why we were doing this. We had to demonstrate the benefits of the program to the organization as a whole."

That's a key point, particularly in an IT deployment of this scale and complexity – essentially on par with any large-scale ERP implementation. To ensure that the project stayed on track and sustained the support of the company's management, Compas created a cross-functional governance team with representation from all key stakeholders. The team not only guided the project, it also kept all involved parties informed and updated as work progressed.

The result was that Compas achieved his objectives:

• The project delivered value quickly.

• Provisioning time sped up 10-fold.

• Line managers are empowered to take responsibility for access management.

• No heavy administrative burden was added.

This is what strategic security is all about.

At CA, we've given a great deal of thought to how the CSO's role will change as we build Enterprise IT Management, our vision for transforming the way the world manages IT.

Our vision is built around the three IT management functions of IT Governance, Management and Security.

The CSO has an important role to play. In an Enterprise IT Management environment, the CSO is not simply an enforcer of polices and procedures, but rather a key architect in designing an IT environment that will take an organization to the next level of business success.

Let me explain a bit more on what I mean. IT organizations used to be viewed as tactical necessities and cost centers. Poorly managed ones still are. By contrast, a sound IT organization functions as a strategic line of business and a core contributor to corporate success.

The CSO's role is elevated. To ensure that level of success, it is not enough to reduce risk and cost or to improve service; IT must be managed as a business and must coordinate with the lines of business. It must incorporate disciplined budget and capital-allocation processes, it must align the portfolio of projects with strategic corporate needs, and it must strive to provide business services that are ever more cost-effective.

At each step, IT processes must be secured. In this vision security is never an after-thought; it is part of the essential DNA of the IT environment.

I showed you a film earlier. It was supposed to be funny. But it was also intended to make a point. If you're a CIO and you don't know where your Chief Security Officer sits, you're probably missing a critical component in your strategic planning.

And if you're a CSO you need to ensure that:

1. You are serving as a security strategist in the organization. Don't allow yourself to be consumed by the day-to-day tactical demands of the job. Build a strong team so that you can deliver value to the C-suite.

2. Increase your visibility within the organization.

3. Achieve items one and two by communicating. If security is to become part of the fabric of the organization, your voice must be heard on a wide variety of issues at critical phases in the business strategy process.

An effective enterprise simply cannot exist unless governance, management and security are at the core.

In short, there should be no mystery about where the Chief Security Officer is – because the CSO will have a seat at the table whenever strategic decisions are made.

To view a video of the address, go here

Learn more about this topic

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
IT Salary Survey: The results are in