Business Continuity Management / Disaster Recovery , Cloud Security , Critical Infrastructure Security

Approaching Security with a 'Business Enablement' Objective

Taylor Lehmann of Google Cloud on Maturing Healthcare Cybersecurity
Taylor Lehmann, director for the office of the CISO, Google Cloud

Many healthcare sector organizations would raise their security maturity levels if more CISOs and their teams approached security with business enablement as the objective, says Taylor Lehmann, director for the office of the CISO at Google Cloud.

See Also: Ransomware Response Essential: Fixing Initial Access Vector

"I think if we shift to security strategies that focus first on business enablement and truly have goals set in business outcomes, organizations, I think, in many cases … will have more success … and increasingly more mature security programs," he says in a video interview with Information Security Media Group.

"It's about reducing, and in some cases eliminating, unnecessary controls or guardrails that slow down deployments of new initiatives, but don't provide any real value," he says. "Data-driven risk management is the maturity I'd like to see, and where I think high-performing systems are starting to go."

In the interview, Lehmann also discusses:

  • Other suggestions to healthcare CISOs for improving security efforts in their organizations;
  • Zero trust architectures in healthcare environments;
  • Top healthcare sector cybersecurity trends and challenges.

Lehmann is a director for the Office of the CISO at Google Cloud, where he advises Google Cloud customers on adopting a high security bar without compromise or unnecessary friction. Lehmann is an experienced CISO whose past work involved securing global healthcare organizations. He has held CISO roles for hospitals, health insurance, health IT organizations, and global banks.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.