Security should be built into business processes – Huawei UK’s David Francis (video)

15 Nov 2013

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Huawei UK CSO David Francis

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Too many businesses are making the mistake of viewing IT security as a bolt-on, and not as something that should be built into their business processes, Huawei UK chief security officer (CSO) David Francis told today’s IIEA Cybersecurity Conference.

Francis pointed out that soon the world will consist of 7bn people who will have 50bn connected machines between them. He said 75pc of email on the internet today is spam.

Prior to his appointment at Huawei UK, Francis was COO with an e-commerce platform. He was also VP of the operations department at Symantec, where he was responsible for the Software-as-a-Service (SaaS)/Cloud Operations Unit. Working with government and local authority customers, he gained vast experience of cybersecurity challenges and requirements for both the public and private sectors.

He urged today’s delegates: “Make security decisions on fact, not on emotion.”

 

He said that despite the overwhelming evidence that cybercrime is very real and very costly, the message hasn’t sunk into business leaders’ minds.

“Approaches to security haven’t changed, it’s always been a bolt-on. The approach needs to be build it into business processes, don’t just bolt it on.”

He also urged security practitioners and CIOs to get better at sharing information about the threats they are seeing.

“Up until now we’ve had too many like-minded people sitting in small silos, segregated from each other. Make sure all the stakeholders have a voice.

“When building the technology, be open and transparent.”

Francis also pointed out that when it comes to security, people are always the weakest link and often the gates are left open when people take short-cuts around processes.

Again he urged the stakeholders in the security realm to get better at sharing relevant information among themselves.

“There has to be a community approach to a community problem.”

Editor John Kennedy is an award-winning technology journalist.

editorial@siliconrepublic.com