3.1.19 – SIW – Joel Griffin –
Former Microsoft CSO discusses how technology is changing traditional corporate security programs at annual Converged Security Summit
For over a decade, the term “convergence” has been used in the security industry to describe the intersection of physical security and IT within organizations. With the increasing migration of security devices and systems onto the network, there’s no denying that technology convergence has taken hold within most businesses today. However, for all the work that has gone into making IP the de facto standard for the deployment of surveillance cameras and myriad other security sensors, the industry, at least at an enterprise level, is now in the midst of another technology transformation known as the “Digital Transformation.”
In a keynote address at the third annual Converged Security Summit hosted by systems integrator GC&E Systems Group in Atlanta on Thursday, Mike Howard, the former Chief Security Officer at Microsoft who recently retired after spending 16 years with the tech giant, said today’s corporate security departments are being challenged to evaluate the effectiveness of their current technologies and processes in mitigating enterprise risk. Simply stated, Howard, referencing comments made by a former Microsoft colleague, said that the digital transformation is a “manual process with a digital construct,” which he added was merely a fancy way of saying it is an “end-to-end process.”
One example of how digital transformation has changed business, according to Howard, is Uber.
“Think about before Uber got into the mix, I want to go from point A to point B so I look in the Yellow Pages for Yellow Cab, call them, tell them where I want to go and then they get there,” Howard says. “Uber changed all of that. They took a manual process and put a digital construct to it, so everything is done from the app. From the app you are telling them where you want to go, you know the name of the driver and their background, when they are going to get there and the exchange of money is already taken care of.”
About two years ago, Howard says the global security team at Microsoft started to embark on their own digital transformation. The process, which is still ongoing, will eventually enable the company to leverage what is known as a Virtual Security Operations Center (VSOC). Essentially, a VSOC is a virtual white wall or single view platform that provides an operator with a more comprehensive or even predictive view of security.
Even though having three, interconnected Global Security Operations Centers (GSOCs) enabled Microsoft to eliminate disparate “mini operations centers” that previously existed in various locations within the company’s footprint and bring their security and life safety operations together under one roof, Howard said the advancement of technology will one day supplant these state-of-the-art ops centers.
As an example of what could be accomplished through next-generation technology, Howard offered a situation that is typical in many corporate campuses today of a person who is terminated trying to gain access to a building where their estranged spouse works. Even if this person isn’t able to gain access to the building with a badge swipe and the GSOC routes personnel to the proper location in a timely manner to prevent a worse-case scenario, there are still many manual processes that have to take place.
“However, what would happen if through machine learning, through technology all of those things that have manual processes had a digital construct so when that invalid badge gets swiped, the operator would get notified of building 34 and the schematic opens up on building 34? At the same time, information from the investigations group pops up and that information is relayed to mobile units en route. And, because of the feeds baked into the guts of this technology, you know automatically there is person in building 34 that this person may be after and they get an alert right off the bat,” Howard explains. “That’s what we’re heading towards. We envision a security world that’s faster, more predictive, less costly, and hopefully enables business.”
Convergence Evolves in Corporate Security
Though technology convergence has indeed taken place to a large extent in businesses today, Howard says the idea of convergence from a corporate security perspective that existed 10 to 15 years ago and involved placing all security functions under the purview of a single CSO has fizzled out because most CSOs simply don’t own the physical and IT sides of the house.
“Convergence now is different… it is how do you look at security holistically in an organization? Do we look at it as physical and IT or cyber or do we look at it as enterprise risk? That is how you have to approach it,” Howard says. “It’s not necessarily security; it’s enterprise risk. Where do you fall into that enterprise risk portfolio from a digital standpoint – the physical piece of it merged with the cyber part to collectively protect, respond and defend your enterprise.”
At Microsoft, Howard said embracing digital transformation meant asking themselves questions about what they were doing that they could be doing better and how could they get ahead of where technology was going.
“A part of that process is envisioning what is possible. Even if it seems impossible, that’s a good thing because you have to get your mindset out of, ‘this can’t be done’ as opposed to ‘it can be done,’ he says. “The other part of it is your people. Nothing gets done unless your people are there for the ride and they understand why you’re going in a certain direction from a digital perspective and what the ROI is for them.”
Howard adds that many people in security today need to take a fresh look at the concept of convergence and open their minds about the broader role they play in mitigating enterprise risk, which will be better enabled through this digital transformation moving forward.
“I kind of liken it to the way the cloud was 10 years ago and how people weren’t exactly embracing it right off the bat. Some people still don’t, but at the end of the day, it was something that enterprises were going to embrace,” he says. “Why? Because it was going to save them money, as well as the security aspect. Digital transformation is going to take place whether we like it or not.”
Click here to watch our video interview with Howard from the summit in which he discusses how the digital transformation is taking shape in many organizations today.
About the Author:
Joel Griffin is the Editor of SecurityInfoWatch.com and a veteran security journalist. You can reach him at firstname.lastname@example.org.