THE Quote of the day for me personally is: "Basic IT hygiene is about reducing the complexity to the minimum".
Today a group of 10 top CIOs in Belgium joined us for an executive lunch organised with the support of Tanium and Raf Vanelderen. Thank you to all participants for sharing your great insights. The topic of the group discussion was Basic IT Hygiene. The group offered many learnings, but the main takeaways for me are:
Having a good view of what's happening in the environment and really understanding the connections between applications nowadays is harder than ever before. Highly performant tooling and well-trained professionals are required. Many organisations are still not able to tell how many endpoints are connected to their network.
The innocence of cloud: small cloud solutions enter the environments through shadow IT and initiatives taken by the business directly. Often these point solutions have massive consequences for the overall Cybersecurity posture. You're only as secure as the weakest link. Often this is the case because the IT security department is perceived as the department of NO. Highly performant security teams have managed to pivot to the department of YES.
Having fire extinguishers and fire insurance doesn't mean that your house can't burn down. The executive committee has to be aware that spending the money will never give guarantees, but will reduce the risk to a minimum. Best practice is to assume that one day you will be hacked and need to resume business from scratch. Does your BCP cater for such a cyberthreat scenario? Does your business understand and accept the possible consequences of working in a degraded mode?
We can't rely only on the network layer anymore for security. Applications need to be designed and built from the start with security in mind.
The insider threat and the risks of 3rd party access to systems are still significant and need to be managed well.
Legacy is still an important part of the equation. One participant suggested that 40% of the IT change budget should be devoted to the reduction of the IT debt annually.