Validate
Validation is the art of putting it all together. Once your organization is educated, instrumented, and ready to operate at high velocity, it's time to validate it. There is nothing that stops a potential disaster from occurring in real time better than conducting tabletop exercises (TTXs) of issues, incidents, decision making, or just about anything that happens in your business or agency. In fact, not only are these great learning and adjustment opportunities, but they are also incredible team-building exercises. Knowing that I can trust my skills and the skills of those with whom I work instills a tremendous amount of confidence, which in turn helps us all run, act, and execute faster.
Repeat
Nothing in this new digital business ecosystem is stagnant. “Complacency kills” is one of the first things that military and law enforcement officers are trained on. If your situation is changing but your tools, technologies, practices, and capabilities are not, you will be at the losing end of any battle. Avoid complacency by implementing a life-cycle approach to reviewing and improving on your adaptation toward becoming a speed-based organization.
OPERATING LIMITS FOR YOURSELF AND OTHERS
None of this happens in a vacuum. Your ability to apply these principles, operate in a speed-enabled environment, and deliver services in a next-generation digital ecosystem depends on people. Part of your growth, and that of your business, will be to understand the strengths and weaknesses of people and their ability to execute and adapt over time. Speed has no place if it is not integrated as a binding component of your strategy, because an organization that attempts it without a thoughtful, purposeful, and well-planned approach will fail.
Finally, base your success in cybersecurity operations on an advantageous application of speed in how you think, understand, plan, and execute to the digital world around you.
ABOUT THE CONTRIBUTOR
Roland Cloutier – SVP and CISO, ADP
As staff vice president and chief security officer (CSO) of ADP, Roland Cloutier brings understanding and knowledge of global protection and security leadership to one of the world's largest providers of human capital management solutions. With over 25 years of experience in the military, law enforcement, and commercial sectors, Cloutier is a leading expert in corporate and enterprise security, cyberdefense program development, and business operations protection. At ADP, Cloutier has functional and operational responsibility for cybersecurity, information protection, risk, workforce protection, crisis management, and investigative security operations worldwide.
Prior to ADP, Cloutier served as vice president and CSO of EMC, where he spearheaded protection of its worldwide business operations, including leadership of all information, business risk, crisis management, and investigative security operations across commercial and government sectors. He served as vice president of cybersecurity at AimNet Solutions. He has more than 14 years of experience in the military and federal law enforcement in global aerospace protection, fraud and diversion investigations, and special event protection, including an assignment at the 1996 Olympic Summer Games in Atlanta.
IS SPEED AN ADVANTAGE? IT DEPENDS ON THE CONTEXT
Scott Charney, Microsoft
An old adage warns, “He who hesitates is lost.” Put another way, speed is essential. Indeed, speed is most often viewed in a positive light, connoting everything from exhilaration (fast cars), to competitive advantage (faster stock trades), to greater efficiency (airplanes over buses). Yes, there may be drawbacks (“haste makes waste”), but forward we rush.
In information technology, speed is often synonymous with increased productivity. Moore's law, which noted that the number of transistors in a dense integrated circuit doubles approximately every two years, permits us to process more data in less time. Faster transmission speeds, from fiber to 5G, give us access to larger datasets in less time. Machine learning and AI permit us to leverage these other technologies and promise decisions that will be both better and faster.
While this paints a rosy picture, there is another adage about speed, one that conjures up notions of risk. Although it may be true that “he who hesitates is lost,” we are often cautioned to “look before we leap.” That is, we need to slow down and be more cautious when making decisions.
So, should we in fact look before we leap, even if those who hesitate are lost? Which piece of conventional wisdom is correct? Clearly, quickly embracing new technology can yield terrific benefits, even if new risks must be managed at the same time. But can speed be cause for alarm?
Which adage is correct depends on context, and in this regard, it may be helpful to consider three different, albeit simplified, scenarios. The first involves credit applications in which older processes are made more efficient through modernization; the second involves unlocking new, transformative capabilities through the introduction of autonomous vehicles; and the third involves international affairs and the potential use of autonomous lethal weapons.
CONTEXT: CREDIT APPLICATIONS
In the area of financial transactions and the issuing of credit cards, we once asked humans to collect and analyze datasets and then make a binary decision about whether to grant credit. Two of these tasks—collecting and analyzing data—might be relatively time consuming and labor intensive, even if making the actual credit decision was relatively quick. In a post-computerized world, the process may be far more thorough (involving more data), happen far more quickly, and may all be done by machine. Simply put, greater connectivity, faster transmission and processing speeds, and machine algorithms have streamlined the process, resulting in faster and potentially more accurate decisions at lower cost. Yes, there are challenges with this approach, ranging from privacy concerns to biased datasets to faulty algorithms, but with appropriate controls and oversight, the risk is manageable.
More than just increasing transaction processing, the speed with which data can be collected, analyzed, and acted on may serve to protect both consumers and banks. For example, by more quickly analyzing spending patterns, banks can more quickly detect anomalous transactions and alert consumers of potential fraud. Perhaps more interestingly, banks themselves benefit from new computer security protections, particularly as they embrace cloud-based services. The reason is simple: In the cloud, we can harness new security capabilities that reduce security response times so that they more closely track the speed of malware distribution. This is best explained by example. Defenders of networks have long highlighted the importance of information sharing. Using the Financial Services Information Sharing and Analysis Center (FS-ISAC) as an example, if Bank A sees an attack, it notifies the ISAC. The ISAC notifies other banks, which then look for indicators of compromise on their networks. Other sectors have ISACs as well.
Although this model works well, it has challenges. First, it requires information sharing, which happens well in some sectors but not as well in others. Second, information distribution and analysis can take time. Third, the information may not flow to all players (for example, in the case of the financial sector, smaller banks may be less engaged). By contrast, as banks move to the cloud, the speed of response can increase dramatically. For example, Microsoft's Advanced Threat Protection strips attachments from emails, runs them in detonation chambers, and looks for malware. If found, that malware can be searched for throughout the cloud. This means if Bank A is attacked, all other banks—and other customers outside the financial sector—can quickly be protected from that attack. Simply put, protections can be broadly deployed to more entities without information-sharing delays. Moreover, as more customers move to the cloud, the amount of telemetry increases and protections improve. Thus, in the context of these financial transactions, speed provides significant benefits.