
Security

Today more than ever, security is at the forefront of the minds of CIOs, CISOs, and CXOs. The growing sophistication of intruders and the risks from malicious or careless employees pose an enormous threat to the enterprise. Threats can be costly to prevent, but even more costly to ignore. Unfortunately, IT security budgets have not been increasing at the same pace as the threat. The effort to secure the enterprise and to validate its security to auditors and regulators detracts from the innovation and differentiation that CIOs must practice. The growing threats make it prudent for enterprises to collaborate on the processes, policies, and techniques they use to secure their organizations.
Many basic security programs conform to the 80/80 Rule: 80% of IT budgets are spent on maintenance and other undifferentiated activities; and 80% of that amount is probably duplicated by other IT organizations.
The CollabWorks Security Project is building on this rule.
Security management is now interlinked with compliance, risk management, e-discovery, and disaster recovery. Governance and best-practice policies must meet periodic reviews. A typical method of assessing security readiness is to contract for an independent assessment of the information security program each year, using an audit firm, as part of the annual financial audit. CollabWorks CIOs report that this can cost $150,000 or more. Likewise, the solutions required to eliminate weaknesses can cost millions.
The audit process and security initiatives are similar for many organizations and were therefore selected by our members as a project focus. Seven members agreed to support a security project with the goal of sharing expertise and solutions. Each member nominated a representative, and CollabWorks provided two network leaders – Mark Egan, former CIO of Symantec, is the IT collaborative leader, and John Muir of Trusted Strategies is the leader representing supplier options. Specific activities addressed by the security working group include:
Each member used the same self-assessment framework and provided their results to be shared by the project team without identifying the specifics for each member.
Three areas of shared weakness were identified that the team agreed to tackle: dual factor authentication, vulnerability analysis, and training. Projects were defined for each topic, and tasks were agreed to by the team and network leaders. In the case of dual factor authentication, 3 vendors were evaluated and the results shared with the whole team. Both network leaders and individual members helped other members with solutions to vulnerability analysis and training. Issues that would normally take weeks to resolve were resolved in hours.
Bi-monthly meetings are held with the working team, where current problems, issues, and solutions are discussed along with progress and next steps on the three projects.
New projects currently under discussion include phishing, identity theft, and approaches to risk mitigation for data losses.
The collaborative approach to solving security problems significantly impacts IT spending, as the cumulative effect of sharing solutions reduces the skills and costs required. The example below assumes a typical member would spend 5% of their IT budget on security (the average is about 7%). For a $500M revenue company, the security budget would be about $1M prior to CollabWorks. Over a three-year period, our thought leader experts estimate that members will be able to lower their expenses by 30% while increasing their overall assessment “score” by one grade point. The annual return on the CollabWorks investment is over 10/1, or about $300K in this example.
