Monday, April 22, 2013

Enterprise Security is Hot! (again)...and why CXOs should care.


Security is easy and tempting to ignore. It's generally a cost center and, until there's a problem, off non-IT management's radar, so management outside the IT department generally ignores it. However, highly publicized attacks like the state-sponsored hacking of the New York Times, Stuxnet, and attacks on major companies have created a renewed emphasis on Enterprise Security. Coincidentally, Enterprise Security is hot again in "the valley".

But the reason Enterprise Security is hot in Silicon Valley is the confluence of Cloud-based services, Big Data, and the explosion of internet-connected devices. Startups focused on the intersection of these trends are particularly interesting. Here are some examples:

Risk I/O: In a chat with Ed Bellis, founder/CEO of Risk I/O, we discussed the multiple alarms/data being spit out by security appliances/software/services. Their approach is to connect these various data flows into a more coherent & prioritized single web interface to help the IT dept figure out what to focus on. The side benefit of doing this is the accumulation of data from multiple clients and the precognition that can emerge. What the #(#$*&! am I talking about? Imagine you're a financial institution in Argentina. By aggregating data (anonymously), Risk I/O can predict where you will see the most problems, and how to prioritize your security patches/solutions. Big Data meets Security.

Vorstack: Co-founder/CTO Andreas Haugsnes has latched on to the fact that we are virtualizing all aspects of services: services, the network (more than $3Bn has been spent acquiring SDN companies like Nicira), and now security. Instead of physical appliances, why not virtualize security for SaaS and other services? Untold combinations of solutions can be quickly brought up and tested, leading to an incredibly fast, responsive, and unique set of solutions for today's cloud-based services. Cloud meets Big Data meets Security.

So OK, let the IT people figure this out, right? WRONG.

As CEO, CFO, CMO, security is now a part of your business. It can be a passive, reactive liability or a pro-active, value-creating asset. JPMorgan recently won a security award for tackling fake email (phishing) attacks on its customers. Using Agari's SaaS solution, they have effectively cut billions (yes, billions) of fake emails bearing the JPMorgan logo that criminals send to its customers for the sole purpose of stealing/infecting a user's account/computer. Think of it: your clients are getting emails with your logo, and they're completely fake. This is a brand management and business issue as much as a technology problem. How can you have a conversation with your clients if they don't even trust your emails? By taking on this problem in a systematic way (CMO & CISO working together), the end result was a technically efficient solution, with the added benefit of increased Brand Goodwill & customer trust. This solution is now a Marketing asset, and consumers now have more trust and are more likely to respond to JPMorgan's outbound communication.

The time of simply stating "If you are concerned about the authenticity of this message, please click here" (actual text from my Chase credit card email!) is over. CMOs need to take control of the company's reputation, COOs need to control and show the steps being taken to mitigate service interruptions due to security lapses, and CFOs need to state the risks to business results posed by possible intrusions/takedowns. CEOs should go on the offensive by clearly demonstrating a commitment to better security and an understanding of the increased importance of security in an ever more interconnected and complex landscape. Ignore security at your own peril!