Note: Guest Blogger Erik Hart is the CISO and Director of IT Risk Management at Zebra Technologies Corp., but the views expressed in this column are his own.
At Zebra Technologies, our global information security strategy is to provide “security visibility that’s visionary.” We empower employees to do what they need to do with the freedoms enabled by mobile and cloud computing, while maintaining visibility into their computing assets so we can keep them and our business interests secure.
Our cybersecurity tools provide the visibility. We place agents and monitoring software onto employees’ computers so they’re free to go wherever they need to go. No matter where they are, no matter what they do, we can protect them.
To make this approach work, our security staff must understand our organization, its business and its goals, and to make sure security is a part of the puzzle, not an outlier. And we also work closely with our IT team to make sure that programs are delivered and operating in a secure manner. In doing so, our security team has become a “department of yes” that helps our business achieve both its goals and a reasonable level of security.
Essentially, our security and IT departments have become business partners, and having security tools that can do “more than just security” is an important part of that relationship.
A Security Solution That’s “More Than Just Security”
The CrowdStrike® Falcon® platform is a great example of this concept, because it’s more than just a security tool that safeguards our systems and staff. It’s also a vital operational tool for our IT team.
For example, the Falcon platform provides visibility into our assets — what operating systems are being used, what software versions are running, things like that. It helps us from an asset inventory and management perspective.
Of the numerous ways the Falcon platform benefits Zebra Technologies, the following are key:
- Visibility. CrowdStrike technology provides unparalleled visibility into activities within our compute assets, no matter where they are or when they are connected to the Internet. This allows us to extend our protection to our employees without requiring that their machines are connected to our internal network.
- Efficiencies. With the introduction of next-gen AV last year, we were able to streamline our operations by eliminating one security agent and optimizing our costs. This optimization is key to our future, and as we continue to see CrowdStrike evolve, we are excited to see how Falcon Spotlight™ (CrowdStrike’s vulnerability management capability) will help make our processes more efficient.
- Peace of mind. As we have seen attacks evolve, we continue to see how CrowdStrike has likewise dynamically evolved to protect us. While many companies had to scramble when Wannacry came out, we simply had to execute our standard operating procedures because we already had CrowdStrike configured to block and alert on such ransomware. While we know we can’t expect perfect protection from any security solution, we believe that CrowdStrike is keeping pace with adversaries.
Becoming a “Department of Yes”
To integrate cybersecurity into the broader IT department with the aim of enabling business, might I suggest the following:
- Communicate freely and frequently. Make sure that the security department and the other IT departments communicate regularly. This can mean the various groups having regular status meetings so that priorities can be established and expectations met.
- Focus sharply on shared metrics. Establish measures or metrics of success that all parties agree upon. Having these will help gauge how things are going and where the teams need to focus priorities.
- Start at curious (and stay there). The security department cannot be the “department of no”; everyone in information security should “start at curious,” and be constantly looking for ways to enable the business. Be consultative and help all understand and mitigate risks to an acceptable level.
The benefits of this “visionary visibility” security approach extend to customer relationships and add market value to the company, as well, because it can enable a business to expand and try new technologies.
At the end of the day, having a security platform that can do “more than just security” is a benefit to the entire organization. We’re all here to make sure that Zebra Technologies succeeds, and that we have the right tools in place to do so.
Erik M. Hart is CISO and Director of IT Risk Management at Zebra Technologies Corp. With headquarters in Lincolnshire, Ill., Zebra Technologies is a global leader in enterprise asset intelligence, designing and marketing mobile computing, data capture, specialty printers, radio frequency identification products and real-time locating systems.
Watch Erik further discuss how the Crowdstrike Falcon platform helps Zebra Technologies