Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
In a world of emerging technology like artificial intelligence and the cloud, Shamla Naidoo, co-author of the book The Cyber Savvy Boardroom, says modernization is key. For six years, Naidoo served as the global CISO at IBM. She believes modernization is needed not only when it comes to tech that supports businesses but also in “security practices and solutions.”
Naidoo, now the head of cloud strategy and innovation at Netskope, a cloud-native security platform, caught up with IT Brew to chat about workplace strategy, emerging tech, and mitigating cyber risk.
This interview has been edited for length and clarity.
What does it take to create a cyber-savvy boardroom?
“You know, from the board perspective, it’s all about governance, it’s all about oversight. So, boards really have to understand the subject matter at a very high level, and then they have to be able to oversee that to detect and determine when things are not operating as they’re supposed to be.”
“What it takes for the board to be cyber savvy is understanding the basics, then continuing to maintain the knowledge base by augmenting it with new things. As the topic evolves, you have to keep the knowledge fresh.”
What does keeping things fresh look like with emerging tech? And how does that cause things to shift when thinking about the relationship between the board, CISOs, and IT managers?
“With these emerging technologies, every technology has huge opportunity. And boards are tasked with creating business value. And you don’t create business value unless you figure out ways to adopt the innovation, to leverage the emerging technologies. And early adopters have seen that they actually get the biggest benefits.”
“So you’re looking at a very different risk landscape where, as board directors, we’re now expected to take far more risks than we did, because you’re having to support these emerging technologies and the adoption of those—and that creates a whole new challenge,” she said.
When thinking about IT pros and leaders trying to mitigate cyber risk, what are a couple of the ways that these discussions are playing out?
“I’d say there are two things we have to think about in terms of communicating with the board—the first is that cybersecurity is not an exact science. You can have a checklist of 50 things, you can do all 50 things and you can do them all well, and you might still become a victim.”
“When the business shifts and changes, the technology has to shift and change; therefore, security has to shift and change. So I think that connection needs to be very clearly spelled out for the board so they understand we’re not just changing and adopting new technologies, new architecture, new solutions because we like it—we’re doing it because the business demands it, expects it, and needs it.”