Symantec’s Sheila Jordan: ‘You have to detect, discover and respond fast’

23 Mar 2018

Symantec CIO and senior vice-president Sheila Jordan. Image: Symantec

Symantec CIO Sheila Jordan tells John Kennedy that instant detection and response to cybersecurity threats is the only way forward in today’s infosec world.

Symantec CIO and senior vice-president Sheila Jordan joined the IT security giant in 2014 to drive its IT strategy and operations.

A dynamic and experienced leader, Jordan has extensive expertise in driving enterprise collaboration across multiple channels, including mobile.

Prior to joining Symantec, she spent nine years at Cisco where she was responsible for delivering and integrating key IT services for its global workforce.

A frequent speaker about collaboration, mobility, bring-your-own-device (BYOD) issues and women’s leadership, Jordan also has held leadership roles at The Walt Disney Company and Martin Marietta.

Hardly a week goes by when the world does not get some kind of a wake-up call around data and security. Can you sum up where we are at in the narrative of IT security?

From an IT industry perspective, there are five things that are converging.

The first is mobile devices – we are going to get to 7bn devices.

The second is cloud in terms of app usage, SaaS usage and public cloud infrastructure as a service because many companies are moving to public cloud.

The third thing is, we are at the tipping point of having structured and unstructured data. Much of the decision-making in an enterprise is structured but now you have transactions and social impact creating volumes of unstructured data.

The fourth is identity. We are seeing, as consumers use more and more smart devices, they bring those to work, and their personal/professional identities are blurring. From an IT/CIO perspective, we have to think about that. I love all my employees, but their photos appearing in the corporate network? I’m not too excited about that.

And then the fifth one is, of course, internet of things (IoT).

When you think about that, our jobs as CIOs are still about how to protect the company’s largest assets, which are the data of employees, customers and partners. We have to protect that data.

But what has changed is that, five or six years ago, that was contained in four walls. We could have our on-premise data centre and monolithic applications. And that has all changed with the five things I just said.

So, our jobs have changed but now we are doing it in this dynamic, ever-changing, inside-and-outside-the-firewall world and we have to be sure we are protecting that data in motion.

Layer that with the fact that the bad guys are getting smarter; they are attacking, staying longer inside the networks.

It is a massive opportunity or challenge – everything as we know it is changing.

It must be an interesting challenge being CIO of Symantec and leading IT within your own organisation, but also being an exemplar for other CIOs and clients?

Yes, absolutely every day. In fact, so much so that we created a programme called Customer One to accomplish this.

I feel like it is my team and I, our inherent responsibility, to use our IT environment here as a petri dish, as Customer One for our products and services beyond the company. Our engineers have to go and test products in the broader ecosystem.

Secondly, when we do that we are testing the product in beta and alpha, getting feedback – how do we make it better? What happens when you put in the ecosystem? So, what we do is give all the feedback to the engineering teams and then we write white papers that talk about our deployments, tips and tricks, and then our sales team can use that to talk to customers about what we are doing.

It is a pretty big challenge to make sure we are constantly giving constructive feedback to our engineering teams to make their products better. But also, we have to make sure that we are staying ahead of our peer group because we are in the thick of it. Our business is security so we have to stay ahead of our peer groups.

Do you have a large in-house IT team, or do you look to strategically outsource where possible?

I just celebrated my four-year anniversary with Symantec and I was hired to insource IT. Back when outsourcing was popular, we outsourced a lot of our IT. I’m not saying that outsourcing is a bad thing, but we had to effectively manage the outsourcer and a lot of changes to the company, and it wasn’t managed as it needed to be.

And so we decided that, since we are a security company, we need to bring all that back in. And subsequently, as I built a world-class IT organisation, we had two massive divestitures and six acquisitions in four years.

In those kinds of situations, we had to create a programme called Integration and Transformation. It isn’t easy to smash companies together and try and get culture and synergy from it, but what we’ve done is use it as an opportunity to ask, ‘How do we want to do business? How can we simplify this?’

If we have four different ways to do licensing, how do we turn that into one or two?

So, we are transforming how we work and that helps me to deliver a much more simplified application landscape, infrastructure landscape etc.

Having said that, we have been in this Integration and Transformation mode for four years and we have been simplifying along the way. But we are still in 85 countries and 185 locations and still a very, very global company.

But what I love about being in IT is that we see horizontally, while many functions see vertically. And, as we go through this transformation, it is natural for IT people to see upstream dependencies and downstream dependencies, and so we help the business to think about things end to end.

Because of that, we are able to super-simplify if we have so many instances of the same application or we have a different way of doing something, so that we could test new technology to be cheaper or to be more timely and agile to get improved time-to-market capabilities.

How complex is the infrastructure? Are you taking steps to simplify it?

We use our own technology to protect our infrastructure.

We have the infrastructure that every CIO knows, which is around the network and the infrastructure in the network layer up to applications, how we encrypt the data, and then what I call the collaboration applications, and then it’s the endpoints like mobile devices and laptops.

Every CIO has that infrastructure, that stack, and, in order to do our jobs, we have to think about every layer of that architecture.

But what we do – going back to Customer One – we leverage our security technologies.

When we acquired Blue Coat, with that acquisition came Greg Clark (our CEO) and Mike Fey (our COO), and they came in and created what we call the Integrated Cyber Defence Platform.

Historically, security has been super-fragmented, where you had specific products to fix each layer of the infrastructure stack; for example, a bunch of mobile security options, things to protect the network layer, the internet data coming out, encryption of data – so there have always been these point solutions.

We are creating an Integrated Cyber Defence platform that pulls all that together.

So, the mobile device security will feed the infrastructure data so we know what devices are being used, where they are being used, that the right person is using them – and that all feeds into our infrastructure security.

The fact that we are stitching these together will give us the ability to make it harder for the bad guys to get in.

I also think it is super-important for CIOs, including myself, to really take advantage of simplifying even more.

In terms of the acquisitions, we actually reduced 400 applications in 3,700 servers that we took out of the company with zero business disruption.

What I love about that story is not about the efficiencies and savings, it is, when I take out legacy applications in legacy servers, that’s where the bad guys like to hang out.

So, all of a sudden, I am reducing my risk footprint by simplifying the whole organisation.

We use a product called ServiceNow, which is the hub of how we run IT. What that does is create the blueprint that shows how everything is stitched together – servers, data, endpoints, apps etc.

But if something changes or a laptop is breached, we know instantly that the breach has happened and respond fast.

It is about having the operational controls, the defensive structure on the outside, but the operational and monitoring controls on the inside, and simplifying your environment.

It really is super-hard to do, but necessary in order to get control of it.

What are some of the main responsibilities of your own role, and how much of it is spent on deep technical issues compared to the management and business side?

I really see it as 50/50. My role is some days 100pc either way but the thing I love about being a CIO in technology is that you are the customer.

You have the voice of the practitioners when it comes to the strategy of the company, but also, there isn’t a day that goes by there isn’t a technical issue to focus on somewhere, somehow.

This delivers great insights.

It even extends to the commercials – how we bundle things together. I know vendors that I work with and buy from that are super-easy to buy from, and are clear and transparent. There are others that you dread negotiating with because it is so awful.

So, I am able to give that insight into our commercial teams and how we think about bundling enterprise licence agreements and things like that.

What are the big trends and challenges in your sector, and how do you plan to use IT to address them?

When it comes to analysis and security, there is no shortage of data; there’s a plethora of data.

When you look at it, AI and machine learning are also overused terms. But for us, it is crucial to be able to help the security analyst and give solutions, which we are building with AI and machine learning; the capabilities to sift through that plethora of data and be able to detect an anomaly or a breach quicker.

So, you will start to see us do a lot more of that with machine learning; it is already built into a lot of our products already but you will start to see us develop a lot more of that.

The other thing I would say is, security historically has been about detecting and identifying an issue and being the bodyguards that sit around the infrastructure. That’s important but it is not enough.

So, in addition to identifying and protecting, you’ve got to detect, recover and respond fast.

Our threat-detection products enable that.

I can now see, in one screen, all of the files that are coming in that are potentially a threat and it will literally light up a laptop that we think may have a virus. And, all of a sudden, I can literally go in and take that laptop offline instantly and figure out if it was a real threat or not.

So, you will see us move into products that can take action once a threat is detected, but take action in a much smarter way using advanced analytics and machine learning.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years