Building trust now priority number one for the CISO — Dropbox Business Blog UK

Now reading Building trust now priority number one for the CISO
Share 
26 March 2018 — 5 min read

Building trust now priority number one for the CISO

“Trust is the new currency in business. There is a new aggressiveness in the market that means winning new business and keeping customers happy relies upon your integrity.”
Denis Onuoha, CISO, Arqiva

As any CISO knows, the job doesn’t end when you leave the office. It’s a full-time commitment, an exercise in building trust and rigour. To keep your organisation safe and running smoothly, you must be extra vigilant and be prepared for almost anything. Which is why when we caught up with Denis Onuoha, CISO at Arqiva, a British telecommunications company which provides infrastructure and broadcast transmission facilities to the country’s leading broadcasters, we were intrigued to hear how he runs his department.

Entrusted with the nation’s broadcast infrastructure, the security of Arqiva’s networks is critical. “We are at the forefront of communications infrastructure but we are the people behind the scenes making connections happen,” explains Denis. “We help millions of voices to reach billions of eyes and ears through TV, radio, mobile and WiFi. And, we work with everyone from mobile network operators to independent radio groups and major broadcasters such as the BBC, ITV and BSkyB. Therefore, security is a top priority for everyone, not just me.”

“I started life working as a systems analyst and security expert in the finance sector in private banking,” says Denis. “The importance of security was ingrained within me right from the start. It gave me valuable insight into how best to approach my work at Arqiva and primed me for the challenges ahead.”

When asked to outline the challenges his team faces at Arqiva, Denis explained how his large team is broken down into four distinct remits. “We have a group that focuses purely on our internal security program and its delivery,” says Denis. “We have a cyber security department that offers technical security consultancy and pre-sales support to our customers. Then we have what we call the Red Team, who spend their days trying to hack into our network ensuring that we are as secure as possible. And finally, we have security awareness specialists focusing their energies on keeping us ahead of the latest threats.”

“I am also the Chair of the Association of International Broadcasters Cyber Security Working Group,” says Denis. “The group was set up to help broadcast journalists stay safe in the field and to improve the maturity of the industry and increase security. It means I am privileged to work with manufacturers to create security-first kit and technology while working with other extraordinarily intelligent people. We come together and share ideas and information to help keep the industry as safe as possible.”

We asked what he felt the biggest challenges facing UK businesses were and if he had any advice in how to tackle them. Here is what he had to say:

1. Overcoming the skills gap

“The industry evolves rapidly so finding the necessary talent to fill gaps in the team is becoming increasingly difficult,” says Denis. “But, that is only half of the problem. The other side to overcoming this challenge is to educate your business as much as you can. It is your responsibility as CISO to communicate and to instil security at your organisation.”

We have talked about this very topic on the blog recently, explaining how your employees can become a shield to cyber attacks. “My advice is of course to implement password standards and to look deeply at the technology your teams use and make that safe,” continues Denis. “And then adopt a risk-based approach to your security. By that I mean, evaluate the risk of not doing something and use that to guide your priorities and resource.”

2. Giving your teams the tools they want

“The prevalence of mobile and cloud technologies means that there has been a proliferation of tools and people will use what they want to use,” says Denis. “This presents a significant challenge for security teams. It means that the border of the network extends exponentially as each department has its own industry standard tools and they all want to work together.”

“But, it is getting easier and businesses are understanding this challenge more and more,” says Denis. “My advice would be to give people access to cloud services and secure the device. With controls like encryption, One-Time Passwords, and remote-wipe, you can rest safe that your information and networks are safe.”

3. Make security part of your customer lifecycle management

“We are ISO 27001 accredited and our customers audit us regularly to ensure that we are compliant and that we place security at the heart of everything we do,” says Denis. “Companies have to be transparent these days. If you are trusting a business with your personal data, it is critical that business can demonstrate first-class data management. Trust is the new currency in business.”

The biggest advantages of taking these factors into consideration is the elevation of the credibility of your brand. “There is a new aggressiveness in the market that means winning new business and keeping customers happy relies upon your integrity,” explains Denis. “It is too easy now for customers to get what they want somewhere else.”

As a final comment, Denis gave us some more tactical advice: “Trust works both ways, between you and your customers. This extends throughout the supply chain so make sure you work with your suppliers to ensure that the highest possible level of service and security can be met. Conduct regular checks on your processes and technologies. Get the basics right and it should be much easier to implement the more advanced security and compliance and build trust.”

 

More Industry Stories

Please note: Sometimes we blog about upcoming products or features before they're released, but
timing and exact functionality of these features may change from what's shared here. The decision to
purchase our services should be made based on features that are currently available.