3 minute read
Edna Conway of Microsoft
The growing challenge of sustaining business operations during any major event has created a need for a comprehensive approach to security and resilience.
Advertisement
Edna Conway
Edna Conway is VP, Chief Security & Risk Officer, Azure at Microsoft. She is responsible for the security, resiliency and governance of the cloud infrastructure upon which Microsoft’s Intelligent Cloud business operates. She is recognized domestically (U.S. Presidential Commissions) and globally (NATO) as the developer of architectures delivering security, sustainability and resiliency.
For years we have addressed risk from a cybersecurity perspective as if it operates independently from other risk factors. We need to change our lens and focus on security and resilience together. The ultimate goal is operational resilience. How do we get there… together?
The fact is we live in a world of platforms – they are pervasive in industry and our personal lives. From reliance on real-time mobile financial services to use of “on demand” personal transportation platforms. The foundation of this platform economy is cloud and mobility technology. We all operate in a hyper-connected world. As a result, we all live and operate in a world of “WE”. We cannot even approach operational resilience if we view our business or government operations through the lens of us and them. We must drive resilience and integrity across enterprises. This includes third party ecosystems as well as remote workforces and operations. As enterprises, the core of our mission is ensuring customer trust - trust in our solutions and services and trust in us as a partner in our customers’ success. Earning that trust requires two digital capabilities—Security and Resilience. To be secure, we must ensure the integrity of every operation, transaction, workflow and capability of our solutions and deliver productivity free of compromise. To be resilient, we must proactively monitor and prepare for disruption to deliver continuous quality service.
Our approach to security must be comprehensive and embrace the key elements of security in our digital world, namely:
• Physical security • Logical/operational security • Behavioral security • Information security • Intellectual property protection • Privacy
So too, our efforts to drive world class resilience demands that we address, at a minimum, the following for each of our solutions and services offerings:
• Business continuity/disaster recovery • Anti-bribery and anti-corruption • Human rights/labor rights • Health and safety • Environmental sustainability • Trade & export controls
I propose that the path to earning that trust is to develop an architectural approach to security & resilience. Deploying a comprehensive architecture with effective prevention, detection and response mechanisms allows us to better understand, assess, and mitigate risk. Embracing the reality that our world is now a world of WE, not us and them, this architecture should apply to both third parties and our internal operations as well. Customers, international standards bodies, and global laws and regulations are increasingly demanding deeper scrutiny of how we operate, both within our enterprise and with our third-party partners. An architectural approach that establishes security and resiliency goals and requirements aligned with global standards and internal policies will allow you to manage the collective achievement of goals and adherence to requirements in direct partnership with our third party partners. Applying this architectural approach demonstrates a commitment to trust across all parts of the lifecycle of products and services, and ensures transparency and accountability for the enterprise, its third parties and its customers.
Final thought
Today, we all operate in a hyper-connected world. The growing complexity and opacity of our internal and external ecosystems has led to increased potential attack vectors, exacerbating the need for ever more vigilance, resilience, and security across and through these interconnected ecosystems. A comprehensive architectural approach to security and resilience is our pathway to build trust and meet the challenges of today’s platform economy.
