Cybersecurity measures have developed significantly over the years, but so have the techniques of cybercriminals. This raises numerous complexities for security leaders to tackle. In an interview, Mignona Cote, Chief Security Officer at NetApp, highlighted the changing role of Chief Information Security Officers (CISOs) in this complex landscape and how they should brace for the next phase of cybersecurity evolution.
- Cyber threat landscape is becoming increasingly complex with a shortage of talent impacting cyber defense.
- Security leaders are also struggling to manage numerous vendors offering varied solutions.
- Keeping up with new and evolving technologies within a specified budget and timeframe while ensuring organization protection is a constant challenge for CIO/CISOs.
To address the substantial skills gap in cybersecurity, companies have begun offering more educational programs in cybersecurity, compliance, and risk management. At NetApp, training in cloud security and AI is provided which is crucial in combating cybercrime.
The role of a CISO has moved from just being a technician to someone who needs to build relationships with the board and peers as business continuity and operational success depend on these relationships. Security has become intrinsic to every aspect of the company’s operations making it essential for CISOs to effectively communicate these complexities.
NetApp invests in security based on risk assessment instead of a set percentage of the tech budget. Artificial intelligence, particularly generative AI, is set to play a key role in easing the skills shortage and automating security tasks. However, extensive training is required to make generative AI more meaningful, productive, and free from bias.
For managing a hybrid-cloud environment, they provide BlueXP, a management tool that simplifies traditional storage management offering visibility into factors impacting cloud and subscription costs.
NetApp is working towards achieving cyber-resilience by 2024 with updates to their unified data storage solution to tackle ransomware along with a guarantee for snapshot data recovery in case of a ransomware attack. Further, integrating security into DevOps tools and processes, threat detection, and monitoring with AI would be a significant focus. Compliance regulations are making it mandatory for organisations to use a security solution to protect their means of storage.