This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.theguardian.com/media-network/2015/mar/24/business-computer-security-white-house
The article has changed 2 times. There is an RSS feed of changes available.
Previous version
1
Next version
| Version 0 | Version 1 |
|---|---|
| What can business learn from IT security at the White House? | What can business learn from IT security at the White House? |
| (35 minutes later) | |
| There is a clear distinction in objective between a for-profit corporation and for-the-people government agency. This is especially true when it comes to trying to compare a business to one of the highest profile governmental offices in the US, the White House. But if the IT professionals in the two groups began a dialogue, what could be gleaned? | There is a clear distinction in objective between a for-profit corporation and for-the-people government agency. This is especially true when it comes to trying to compare a business to one of the highest profile governmental offices in the US, the White House. But if the IT professionals in the two groups began a dialogue, what could be gleaned? |
| I had the privilege of catching up with Dr Alissa Johnson, the former deputy CIO for the Executive Office of the White House to get her insight on lessons learned from her years there. Johnson, who playfully likes to be called Dr J, recently vacated the position and is now the CISO of Stryker. She has had a long career, both in the private and public sector, and knows well the challenges that come with both. | I had the privilege of catching up with Dr Alissa Johnson, the former deputy CIO for the Executive Office of the White House to get her insight on lessons learned from her years there. Johnson, who playfully likes to be called Dr J, recently vacated the position and is now the CISO of Stryker. She has had a long career, both in the private and public sector, and knows well the challenges that come with both. |
| Related: Managing a cyber attack: tips for businesses – live Q&A | |
| What was the best part about being in technology at the White House? | What was the best part about being in technology at the White House? |
| It’s a totally different culture than the private sector. Your users are some of the most impactful people in the world. To be able to serve and enable the President’s office is exhilarating, but to do that in a secure manner is a challenge. For example, the threat profile can change hourly. It’s that fast-paced change that makes it so fun to work at the White House. We have to be careful about what we implement and how we protect it. | It’s a totally different culture than the private sector. Your users are some of the most impactful people in the world. To be able to serve and enable the President’s office is exhilarating, but to do that in a secure manner is a challenge. For example, the threat profile can change hourly. It’s that fast-paced change that makes it so fun to work at the White House. We have to be careful about what we implement and how we protect it. |
| How have your years at the White House shaped your view on security? | How have your years at the White House shaped your view on security? |
| I have years of experience with the NSA, FBI, Lockheed Martin and others. I’ve been involved with cyber security for years. So, I don’t know if the White House has shaped my views; rather, the position has given me additional experience. But working in a political atmosphere has definitely placed it in a political light. Everything carried the possibility of political spin angst. Every decision is under scrutiny because the budget structure is so different. I could prototype something at the NSA – can’t do that at the White House. If you prototype and throw it away if it doesn’t meet your needs at the White House, that would be viewed as wasting taxpayers’ dollars. | I have years of experience with the NSA, FBI, Lockheed Martin and others. I’ve been involved with cyber security for years. So, I don’t know if the White House has shaped my views; rather, the position has given me additional experience. But working in a political atmosphere has definitely placed it in a political light. Everything carried the possibility of political spin angst. Every decision is under scrutiny because the budget structure is so different. I could prototype something at the NSA – can’t do that at the White House. If you prototype and throw it away if it doesn’t meet your needs at the White House, that would be viewed as wasting taxpayers’ dollars. |
| For example, we looked at iPads and tablets and said, “wow, for the same price point or cheaper we can replace a lot of ageing hardware”. In my mind I thought, “let’s replace laptops with tablets, then everyone is more mobile, especially those who are traveling a lot”. But, there is the perception of the American people, who are not technologists, and who may not see it the same way. They may think, “I’m having a hard time paying my bills and they are using new iPads at the White House?” That perception has to be taken into consideration when it comes to technology spend. | For example, we looked at iPads and tablets and said, “wow, for the same price point or cheaper we can replace a lot of ageing hardware”. In my mind I thought, “let’s replace laptops with tablets, then everyone is more mobile, especially those who are traveling a lot”. But, there is the perception of the American people, who are not technologists, and who may not see it the same way. They may think, “I’m having a hard time paying my bills and they are using new iPads at the White House?” That perception has to be taken into consideration when it comes to technology spend. |
| Where do you think these learnings are applicable in business? | Where do you think these learnings are applicable in business? |
| I’ve learned a lot about customer service at the White House. The president has been my number one customer. The need for a presidential approach to customer service easily translates to any other industry. How you should handle and view the customer’s data should be the same as well. When you peel back all the surface layers, whether it’s in intelligence, healthcare, or sports and entertainment, it is the data that is most important. | I’ve learned a lot about customer service at the White House. The president has been my number one customer. The need for a presidential approach to customer service easily translates to any other industry. How you should handle and view the customer’s data should be the same as well. When you peel back all the surface layers, whether it’s in intelligence, healthcare, or sports and entertainment, it is the data that is most important. |
| When it comes to protecting data, government doesn’t need to work in a vacuum and neither does business. The compromises that are happening at companies such as Sony, Target and Home Depot aren’t because they are the only ones being targeted. We are all being targeted. We are all susceptible to attack. We are all getting spam and phishing emails. We need to create a dialogue between government and business so we can all get better at protecting the data. | When it comes to protecting data, government doesn’t need to work in a vacuum and neither does business. The compromises that are happening at companies such as Sony, Target and Home Depot aren’t because they are the only ones being targeted. We are all being targeted. We are all susceptible to attack. We are all getting spam and phishing emails. We need to create a dialogue between government and business so we can all get better at protecting the data. |
| Where do you think the White House is limited from a technology perspective where businesses are free to go? | Where do you think the White House is limited from a technology perspective where businesses are free to go? |
| The office of the president has to follow the Presidential Record Act. Everything that has been shared, be it email, media or memos has to be saved. Every technology I bring in, I have to think about storage. I need to keep it for at least four to eight years, then all goes to national archive. Now, when you think about the “internet of things” - if I decide to wear a Fitbit, I have to keep the data. The number of steps you take might be a presidential record. Obama’s first term generated more data than both of George Bush Jr’s. The data is only going to grow exponentially. The enterprise usually doesn’t have that level of data lifecycle to maintain. | The office of the president has to follow the Presidential Record Act. Everything that has been shared, be it email, media or memos has to be saved. Every technology I bring in, I have to think about storage. I need to keep it for at least four to eight years, then all goes to national archive. Now, when you think about the “internet of things” - if I decide to wear a Fitbit, I have to keep the data. The number of steps you take might be a presidential record. Obama’s first term generated more data than both of George Bush Jr’s. The data is only going to grow exponentially. The enterprise usually doesn’t have that level of data lifecycle to maintain. |
| Do you think that a tech threat at the White House or in the private sector would have a bigger impact? | Do you think that a tech threat at the White House or in the private sector would have a bigger impact? |
| The effect on people in the private sector for sure. Think about banking, the New York Stock Exchange, subways or rail systems. These are a much bigger threat. Think of the nationwide terror that would happen if banking or healthcare were seriously disrupted. What if there was a virus that swept through life support machines? Imagine the panic. | The effect on people in the private sector for sure. Think about banking, the New York Stock Exchange, subways or rail systems. These are a much bigger threat. Think of the nationwide terror that would happen if banking or healthcare were seriously disrupted. What if there was a virus that swept through life support machines? Imagine the panic. |
| What is ironic is the Fortune 500 companies have the opportunity to go faster and be more secure if they put their minds to it. Sony doesn’t have any rules or regulations to make them do anything one way or another. However, they are not implementing their technology securely. Which is why you see cyber security legislation. Fortune 500 companies are finding themselves in the backseat when it comes to being on the forefront of security. There are so many groups in government that meet weekly to talk about threats. Is that happening with the Fortune 500? Is there a way to share all this security information externally in an efficient manner? | What is ironic is the Fortune 500 companies have the opportunity to go faster and be more secure if they put their minds to it. Sony doesn’t have any rules or regulations to make them do anything one way or another. However, they are not implementing their technology securely. Which is why you see cyber security legislation. Fortune 500 companies are finding themselves in the backseat when it comes to being on the forefront of security. There are so many groups in government that meet weekly to talk about threats. Is that happening with the Fortune 500? Is there a way to share all this security information externally in an efficient manner? |
| How do you think your time in the White House will strengthen your skill set as you transition back into the private sector? | How do you think your time in the White House will strengthen your skill set as you transition back into the private sector? |
| The White House works at a different pace - so fast moving. You need to be succinct and clear with decisions and communication. You have to be able to translate requirements up the chain of command quickly and clearly. In going back to the private sector I’ve got to be able to translate cyber security back to a board, to an organisation, who may not be used to even simple cyber security processes. I’m coming from an organisation that is really tight and secure. We did a lot to make sure we were doing the best. There are lots of ideas and methodologies that were successful that I can take to the private sector. I have so much tech knowledge to share with the private industry – and I know I will continue to grow there. | The White House works at a different pace - so fast moving. You need to be succinct and clear with decisions and communication. You have to be able to translate requirements up the chain of command quickly and clearly. In going back to the private sector I’ve got to be able to translate cyber security back to a board, to an organisation, who may not be used to even simple cyber security processes. I’m coming from an organisation that is really tight and secure. We did a lot to make sure we were doing the best. There are lots of ideas and methodologies that were successful that I can take to the private sector. I have so much tech knowledge to share with the private industry – and I know I will continue to grow there. |
| To get weekly news analysis, job alerts and event notifications direct to your inbox, sign up free for Media Network membership. | To get weekly news analysis, job alerts and event notifications direct to your inbox, sign up free for Media Network membership. |
| All Guardian Media Network content is editorially independent except for pieces labelled ‘Advertisement feature’. Find out more here. | All Guardian Media Network content is editorially independent except for pieces labelled ‘Advertisement feature’. Find out more here. |
Previous version
1
Next version