I sit on a number of not-for-profit and commercial boards of directors. I am lucky in that I have a pretty good understanding of how their technology landscape can introduce risks into the business. As someone who spends much of his time in the tech world, I can bring this knowledge and awareness into the companies I work with.
But that isn't the usual way things work. Most boards of directors are made up of individuals who have little or no awareness of their organization's technology footprint and the impacts it can have when something goes wrong. This is the problem space that TechDemocracy, a global cyberrisk assurance solution provider, is trying to solve with its Intellicta platform.
The idea of Intellicta is to help boards of directors and senior management teams bridge the visibility gaps across their compliance, security, risk and governance functions. The platform, informed by a standards-based framework and risk assurance center, analyzes in-depth the effectiveness of existing cyberrisk and compliance solutions and offers a consolidated view of enterprise risk posture.
Intellicta offers a single dashboard that gives executives and directors a measure of overall cyberrisk across the enterprise, including a quantified risk score and financial exposure. This is a platform that directly extends from the work that the parent company, TechDemocracy, has been doing for years.
"Our DNA is rooted in cyber advisory and managed services, and particularly in identity and access management," said Srikiran Patibandla, CEO of TechDemocracy. "Building on that core, we made an investment to fill a gap that we see worldwide -- the need for a management platform that enables senior executives to evaluate, measure and govern the overall risk and compliance situation of the enterprise."
And as for that need for a tool like this? It should come as no surprise to readers that organizations today find it increasingly difficult to get end-to-end visibility over their risk profile. There are just so many different security products out there, and the increasing risk of cyberattack from so many directions means that the aggregate number of tools being used within an organization is trending upward.
That is good from a "specific solutions to specific problems" perspective, but not so good from a perspective of giving execs and leaders clarity.
"CISOs have been working hand in hand with other business functions to implement cybersecurity solutions," said Gautam Dev, global managing principal at TechDemocracy. "But for those accountable to boards of directors for governance -- CROs, CIOs, CEOs and CFOs -- what has been missing until now is a way to evaluate their performances collectively against the business objectives and to create one common picture of their risk situation. Intellicta enables senior decision-makers to assess and clearly communicate where the enterprise stands versus industry best practices and standards, pinpoint inefficiencies, prioritize risk investments and continually track progress."
From the practitioner's standpoint, Ken Pfeil, himself a former CISO and now chief architect for TechDemocracy, said, "Even in large organizations, I found it particularly challenging to obtain a holistic view of the risk posture, because I was limited to piecemeal assessments coming from the tools I was using to protect the enterprise. That approach not only lacks objectivity, it fails to show the gaps that exist in protection. We've created a platform that breaks down those limitations and puts companies on a path to intelligent risk assurance."
How the Intellicta platform works
The Intellicta platform is customizable to meet an organization's particular business requirements. Intellicta can integrate many IT security technologies right out of the box and start assessing their effectiveness immediately. As organizations decide on new security and risk tools to put investment toward to meet emerging needs, these can also be added to evaluate and confirm they are delivering the expected improvements to the overall cyberrisk posture.
Intellicta's platform framework incorporates a number of the sadly multitudinous regulatory requirements and security standards -- NIST, ISO, HIPAA, SOX and IRA, among others. For organizations, this means that they can tailor their reporting to their particular industry or risk profile.
MyPOV
Anything that gives executives -- and by extension, the board of directors -- increased visibility into the IT risks that their organizations face is a good thing in my books. While smaller organizations can probably use ad hoc methods to gain this visibility, for larger and more complex organizations, Intellicta looks like a useful tool.