Career Insights with Upasana Gupta

Educating the CEO on Mobile Applications

Striking a Balance to Meet Customer, Employee Requirements
Educating the CEO on Mobile Applications

Look at where technology is taking us. Very soon all CEOs will need to mobilize their business applications in order to serve their growing population of Android, BlackBerry or iPhone users. At the same time, they'll need to address both opportunities and risks associated with this.

Consider the following:

  • According to the 2011 (ISC)2 Global Information Security Workforce Study, conducted by Frost & Sullivan, which surveyed 70 percent of respondents said that more than 25 percent of the employees at their organization have mobile computing devices. Also, 66 percent of respondents worldwide reported mobile devices as a top or high concern.
  • Frost & Sullivan's research shows that smart phones are growing at a rate of 21 percent in North America alone, and the newest devices-tablets and e-readers are expected to be the next devices of choice, with an expected 22 million units to be sold in North America by 2016.

As security professionals, there is an expectation for us to develop applications for these new platforms in a secure manner, says Alessandro Moretti, an ISC2 board member and a senior risk manager at a multinational bank.

"Perhaps its time for setting another expectation that includes educating our executive leaders on these emerging technologies," he says.

A CEO must understand how mobility is changing the modern day's connectivity and lives to be able to think forward and innovate. Mobile applications now have the potential to transform customer experience on a ubiquitous scale, Moretti says. An example, users of mobile devices can now access their bank accounts, check their account balance, transfer money to some other account, pay their utility bills online, etc., just by comfortably sitting at their home or office.

As a chief security leader at Intel Corp, Malcolm Harkins agrees and says, "We are in the best position to drive this initiative and discuss with our CEOs both opportunities to innovate and how the organization can strike a balance to address the IT security and risk issues involved."

What's interesting here is an indication of how the role of IT security leaders is changing to business thinkers.

Perhaps now we can clearly see them sitting in a boardroom, sharing a seat with other top executives, discussing not only the risks and exposure that these new technologies bring, but also the impact of these applications on the business, employees and its customers.

For Moretti, education of his executive team begins with making them realize how they interact their lives using mobile devices -- be it to register for their kid's classes, do online shopping or pay bills. "Engaging them in their own daily lives is key," Moretti says.

Once a CEO understands the value and risks catered through mobile functionality, it is easier to discuss mobile innovations, policy and how the company can then strike a balance to meet customer and employee requirements.

For instance, Moretti points out that when a scenario is shared with a CEO on the likelihood of corporate data being leaked through either theft or loss of their device, "You have their full attention."

Moretti also believes that security leaders play an important role in communicating with the executive leaders the need for an IT mobile enterprise policy that covers the personal and corporate use of mobile devices by employees.

"We are the ultimate owners of risk and as such in a position to help the executive team determine the need for a mobile policy, whether it's data leakage, malware prevention or unwanted use of enterprise resources," Harkins says.

Considering the impact of mobile technology on data protection and the overall organization's reputation, it is the security leader who can advice a CEO on which controls to put in place devices that can or cannot link to the network, what permission and restrictions users can have to access corporate data and access to what information needs to be restricted.

Again, CEOs need to consult with their security leaders to fully understand the balance between innovating quality products and having a comprehensive review process in place to ensure that the new applications have security built-in and are compliant with industry regulations and standards.

Ultimately, it is the CISO's responsibility to be instrumental in changing the mindset of senior executives and gaining their buy-in that security is an enterprise-wide problem, not just an IT issue. And as such, security leaders should take it upon themselves to participate in educating their executive team on issues that are emerging and making IT security a more integral part of the business.

As a security leader, what approach have you taken to educate your executive team on mobile platform and applications?

About the Author

Upasana Gupta

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.