These metrics - which will span operational networks, cloud environments, industrial control systems, legacy networks, and other environments - will support structured reporting of security risk to board members and business executives. This, in turn, will help them plan a pragmatic business strategy with a better sense of the real risks that their IT-security platform poses.
As organisations increasingly adopt bimodal architectures combining cloud and on-premise infrastructure, maintaining that enabling visibility capability will become the difference between success and failure. And that, says Farquhar, is why CISOs need to engage the board now to avoid difficult conversations later.
"The cloud makes our perimeters disappear and reduces our visibility," he explains. "But it shouldn't matter where the network traffic is; you should be able to see it. Organisations are now saying that visibility is a key attribute of any network that they're building: they need situational awareness in the cloud, and the first step to get that is visibility."
Source: CSO Australia
Sign up for CIO Asia eNewsletters.