Intelligent CIO Africa Issue 60 - Page 28

EDITOR’S QUESTION
HAIDER PASHA, CHIEF SECURITY OFFICER, PALO ALTO NETWORKS, MEA

Network security is a vital capability that enables the business to evolve through digital innovation – an effective strategy with every organisation across multiple industries. Building a cyber resilient strategy is important to build trust with customers, partners and the whole supply chain. The integrity of any organisation’s cyber posture serves as a competitive advantage and ensures that the company involved is not just protecting the business but empowering it.

CIOs along with their IT teams need to think in a Zero Trust strategic mindset and focus on understanding where the crown jewels are and what is critical to the business. With that understanding they can build a cyber response strategy should those crown jewels come under attack and ensure they have full visibility and ability to respond to every malicious incident they see.
As an organisation’s data moves beyond the traditional organisational boundary, CIOs and IT teams must first identify where the resources are (data, applications, assets, and services). Network Security today has no boundary. Organisations should focus on cloud, endpoint and the traditional on-premise network as the areas to secure, and tools such as next-gen firewalls, cloud security, endpoints, etc. should be automated, simple to deploy and use and above all else, easy to integrate. They should be used as a singular platform vs point vendors or tools creating more complexity and fragmentation in the network which will eventually lead to complexity. Generally, selecting the best tool often means you should determine how easily it can integrate in your overall platform. A tool can be very strong, but if it doesn’t report, orchestrate defence or share threat intelligence with your other network security tools, it becomes its own silo and therefore has to be managed separately, which takes up more resources.
Some common mistakes generally that CIOs and their teams make include picking point products and not focusing on the whole security platform, or not clearly understanding where the crown jewels of the organisation are and how they share data and are reliant on the rest of the network.
CIOs when designing their network security at times do not follow best practice standards to secure the environment, such as NIST, CIS and ISO, amongst many. In addition, it is essential to have a clear roadmap for transformation – often CIOs build an IT strategy without keeping cybersecurity in mind from the beginning. It is recommended to use zero trust and an automated security operations centre to support the cyber security programme.
In addition, organisations should focus on a cyber resilient framework which looks at the organisational culture, policy, process, strategy and the technology critical to building it. It is advised to have consistent penetration tests to understand the gaps, from both internal and external points of view.
My recommendation is to rotate the penetration test partners every year to get differing points of view. Moreover, organisations using an attack surface management capability, which gives a real-time attacker point of view, is important, as well as building a highly autonomous security operations centre to catch malicious behaviour in real-time.