Intelligent CISO Issue 53 | Page 41


Agile IT : The role of the CISO in combatting the risks of the ‘ move fast , fail fast ’ culture

Agile IT must be implemented with due caution , says Taj El-khayat , Managing Director – South EMEA at Vectra AI .
Here he discusses the role of the CISO when it comes to balancing organisational agility with the need to ensure security is built into any new product / service from the ground up .
Taj El-khayat , Managing Director – South EMEA , Vectra AI
CC governments have

G staked their futures on technology . Digital Transformation is a prominent pillar of Saudi Arabia ’ s National Transformation Plan and features heavily in the very long list of economic diversification programmes initiated by the United Arab Emirates ’ ( UAE ) government . Throughout human history , technology has been largely indivisible from progress and now that a global pandemic has accelerated the steady march of digitisation to a teeth-rattling race , IT leaders have some decisions to make .

CIOs are currently being pulled in two different directions . First , businessoriented stakeholders are crying out for bigger , bolder , better experiences for customers and employees . They argue that if the enterprise cannot engage the customer , they will churn ; and if the enterprise cannot empower the employee , they will move on . Delivering digital experiences rapidly and continually has given rise to the latest overused buzzword in the technology lexicon : ‘ agility ’.
But while everybody on the business side appears obsessed with agility , risk-oriented stakeholders are pulling the CIO in another direction . CISOs are in this category . They understand the attraction of high-speed delivery , but they are seeing the business from a different angle . They watch as fellow technologists buy in to the concept of agility as the answer to everyone ’ s issues . The technology function can deliver more autonomy both to itself and to business users , rolling out low code and other tools to take the burden off backroom coders and free more skilled developers to enhance more technical aspects of the stack .
Risk escalation
But while appreciating the allure of this ‘ move fast , fail fast ’ paradigm , the CISO must remain operationally opposed . Software development that is performed in a ‘ race to the finish ’ environment may be great for time-to-market metrics and productivity . It may even be critical for smaller enterprises . But today ’ s CISO must judge these practices against recent trends . The IT environments they protect have undergone dramatic shifts in topology . Multiple domains now define the corporate network . And endpoints are scattered across controlled www . intelligentciso . com