November 20, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
A siloed approach to incident management slows down decision-making and harms cross-team communication during incidents. Instead, organizations must cultivate a cross-functional culture where all team members are able to collaborate seamlessly. Cross-functional collaboration ensures that incident response plans are comprehensive and account for the insights and expertise contained within specific teams. This communication can be expedited with the support of AI tools to summarize information and draft messages, as well as the use of automation for sharing regular updates. ... An important step in developing a proactive incident management strategy is conducting post-incident reviews. When incidents are resolved, teams are often so busy that they are forced to move on without examining the contributing factors or identifying where processes can be improved. Conducting blameless reviews after significant incidents — and ideally every incident — is crucial for continuously and iteratively improving the systems in which incidents occur. This should cover both the technological and human aspects. Reviews must be thorough and uncover process flaws, training gaps or system vulnerabilities to improve incident management.
A modernized approach to architecture review boards should start with establishing a partnership, building trust, and seeking collaboration between business leaders, devops teams, and compliance functions. Everyone in the organization uses technology, and many leverage platforms that extend the boundaries of architecture. Winbush suggests that devops teams must also extend their collaboration to include enterprise architects and review boards. “Don’t see ARBs as roadblocks, and treat them as a trusted team that provides much-needed insight to protect the team and the business,” he suggests. ... “Architectural review boards remain important in agile environments but must evolve beyond manual processes, such as interviews with practitioners and conventional tools that hinder engineering velocity,” says Moti Rafalin, CEO and co-founder of vFunction. “To improve development and support innovation, ARBs should embrace AI-driven tools to visualize, document, and analyze architecture in real-time, streamline routine tasks, and govern app development to reduce complexity.” ... “Architectural observability and governance represent a paradigm shift, enabling proactive management of architecture and allowing architects to set guardrails for development to prevent microservices sprawl and resulting complexity,” adds Rafalin.
Each device on your business’s network, from computers to mobile phones, represents a potential point of entry for hackers. Treat connected devices as a door to your Wi-Fi networks, ensuring each one is secure enough to protect the entire structure. ... Software updates often include vital security patches that address identified vulnerabilities. Delaying updates on your security software is like ignoring a leaky roof; if left unattended, it will only get worse. Patch management and regularly updating all software on all your devices, including antivirus software and operating systems, will minimize the risk of exploitation. ... With cyber threats continuing to evolve and become more sophisticated, businesses can never be complacent about internet security and protecting their private network and data. Taking proactive steps toward securing your digital infrastructure and safeguarding sensitive data is a critical business decision. Prioritizing robust internet security measures safeguards your small business and ensures you’re well-equipped to face whatever kind of threat may come your way. While implementing these security measures may seem daunting, partnering with the right internet service provider like Optimum can give you a head start on your cybersecurity journey.
Recommended by LinkedIn
To build out his team, Venables added key veterans of the security industry, including Taylor Lehmann, who led security engineering teams for the Americas at Amazon Web Services, and MK Palmore, a former FBI agent and field security officer at Palo Alto Networks. “You need to have folks on board who understand that security narrative and can go toe-to-toe and explain it to CIOs and CISOs,” Palmore told Forbes. “Our team specializes in having those conversations, those workshops, those direct interactions with customers.” ... Generally, a “CISO is going to meet with a very small subset of their clients,” said Charlie Winckless, senior director analyst on Gartner's Digital Workplace Security team. “But the ability to generate guidance on using Google Cloud from the office of the CISO, and make that widely available, is incredibly important.” Google is trying to do just that. Last summer, Venables co-led the development of Google’s Secure AI Framework, or SAIF, a set of guidelines and best practices for security professionals to safeguard their AI initiatives. It’s based on six core principles, including making sure organizations have automated defense tools to keep pace with new and existing security threats, and putting policies in place that make it faster for companies to get user feedback on newly deployed AI tools.
A key way to facilitate alignment is to become agile enough to stay ahead of the curve, and be adaptive to change, Bragg advises. The CIO should also speak early when sensing a possible business course deviation. “A modern digital corporation requires IT to be a good partner in driving to the future rather than dwelling on a stable state.” IT leaders also need to be agile enough to drive and support change, communicate effectively, and be transparent about current projects and initiatives. ... To build strong ties, IT leaders must also listen to and learn from their business counterparts. “IT leaders can’t create a plan to enable business priorities in a vacuum,” Haddad explains. “It’s better to ask [business] leaders to share their plans, removing the guesswork around business needs and intentions.” ... When IT and the business fail to align, silos begin to form. “In these silos, there’s minimal interaction between parties, which leads to misaligned expectations and project failures because the IT actions do not match up with the company direction and roadmap,” Bronson says. “When companies employ a reactive rather than a proactive approach, the result is an IT function that’s more focused on putting out fires than being a value-add to the business.”
Savings in communications can be achieved, and low-latency transactions can be realized if mini-data centers containing servers, storage and other edge equipment are located proximate to where users work. Industrial manufacturing is a prime example. In this case, a single server can run entire assembly lines and robotics without the need to tap into the central data center. Data that is relevant to the central data center can be sent later in a batch transaction at the end of a shift. ... Organizations are also choosing to co-locate IT in the cloud. This can reduce the cost of on-site hardware and software, although it does increase the cost of processing transactions and may introduce some latency into the transactions being processed. In both cases, there are overarching network management tools that enable IT to see, monitor and maintain network assets, data, and applications no matter where they are. ... Most IT departments are not at a point where they have all of their IT under a central management system, with the ability to see, tune, monitor and/or mitigate any event or activity anywhere. However, we are at a point where most CIOs recognize the necessity of funding and building a roadmap to this “uber management” network concept.