Three security experts pull back the curtain during Cisco Live
Recently, we hosted a theater session at Cisco Live 2019 that brought together three senior security leaders: Bret Hartman (VP and CTO Security Business Group, Cisco), Charaka Goonatilake (CTO, Panaseer), and Jon Oberheide (Co-founder and CTO, Cisco Duo Security).
The role of the CTO
During the spirited discussion, everyone agreed: Today's CTO is challenged by the complexity, the number of technologies, and the shifts that are roiling the landscape -- especially the transition to a software-defined, hybrid infrastructure.
Security is a massive $100B category, fragmented across 30 to 40 subsectors, and each sector is characterized by best-of-breed point solutions.
Five years back, CTOs and CISOs were biased towards adopting best-of-breed solutions. However, this led to a massive problem: vendor sprawl. Very quickly, security teams realized SOCs were getting overwhelmed.
As Panaseer’s CTO Charaka Goonatilake said, “We see organizations can’t manage so many devices with so many alerts, even if they are best of breed. We need a single pane-of-glass solution that prioritizes the 10 or 12 actions I need to take across my infrastructure — both on-prem and in the cloud.”
The reality of a unified security architecture
As cloud adoption drives massive fragmentation, our panel of CTOs shared the view that CTOs are looking to simplify. They’re looking for a unified security architecture that provides a full horizontal view across all applications and workloads.
Though many dream of a unified architecture, experienced leaders like Duo Security’s CTO Jon Oberheide understand the reality is fuzzier. “The cloud is a double-edged sword,” Oberheide said. “We’re in a world where the developer has virtually unlimited resources and potential scale. All you need is a credit card, right? But you can skip a lot of steps when it comes to security.”
As we shift from a best-of-breed, multi-point paradigm to a unified architecture, CTO’s concerns will continue to be: Am I secure? How do I convey that to the board? What are the right metrics? How much control do I need? How do I get more visibility? We’re always searching for better solutions, paying attention to current trends, and seeking relevant innovations.
Final thoughts
Cisco VP and CTO of Security Bret Hartman is a 40-year veteran of the security business. He’s worked at the NSA. He was the CTO at RSA Security. He has seen it all.
Bret captured what’s going on in the mind of a CTO best when he said, “We’re always looking for that white space. Where do we go next? What should Cisco Security look like in two-to-four years that might disrupt what we have now? My primary method for answering these questions is spending massive amounts of time in the field with customers. I talk to many CTOs every week, and I learn from them because odds are those leading-edge customers are what the world is going to look like in a few years. I listen, I learn, and I get lots of advice. And sometimes the patterns are pretty obvious. It’s remarkable, for example, to witness the acceleration and adoption of enterprises running workloads in the cloud. Just a few years ago, CISOs were very reluctant. Now they're leading the transition, and they're looking for better security.”
Until next time, I look forward to hearing from you at pparthasarathi@cisco.com.