CISO Digital Transformation Summit US West | November 11-13, 2018 | Westin Kierland Resort & Spa - Scottsdale, AZ, USA

↓ Agenda Key

Keynote Presentation

Visionary speaker presents to entire audience on key issues, challenges and business opportunities

Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee." title="Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.

Executive Visions

Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics

Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members." title="Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.

Thought Leadership

Solution provider-led session giving high-level overview of opportunities

Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community." title="Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.

Think Tank

End user-led session in boardroom style, focusing on best practices

Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard." title="Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.

Roundtable

Interactive session led by a moderator, focused on industry issue

Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done." title="Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.

Case Study

Overview of recent project successes and failures

Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions." title="Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.

Focus Group

Discussion of business drivers within a particular industry area

Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions." title="Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.

Analyst Q&A Session

Moderator-led coverage of the latest industry research

Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst." title="Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.

Vendor Showcase

Several brief, pointed overviews of the newest solutions and services

Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences." title="Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.

Executive Exchange

Pre-determined, one-on-one interaction revolving around solutions of interest

Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest." title="Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.

Open Forum Luncheon

Informal discussions on pre-determined topics

Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch." title="Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.

Networking Session

Unique activities at once relaxing, enjoyable and productive

Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive." title="Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.

 

Sunday, November 11, 2018 - CISO Digital Transformation Summit US West

12:00 pm - 6:00 pm

Registration & Greeting

 

1:00 pm - 5:00 pm

Golf Tournament

Optional Activities

 

5:30 pm - 6:30 pm

Summit Networking Happy Hour

 

6:30 pm - 8:30 pm

Welcome Dinner and Panel

The Next Phase of Digital Transformation

Today's digital technologies quickly become commodities, and adoption of emerging technologies provides only temporary edge and differentiation. To stay ahead, you must think bigger and take bigger risks. Do not make the technologies themselves the focal point, but the profound business transformations they make feasible.

Moderated by:

Becky Wanta, COO & CIO, One Degree World View details

 
 

Panelists:

Julia Anderson, Global CIO, Smithfield Foods View details

 
 

Paul Moulton, EVP & CIO, Costco Wholesale View details

 
 

Paige Adams, Group CISO, Zurich Insurance Group View details

 
 

Dave Hudson, CIO, Veritiv View details

 
 
 

8:30 pm - 9:30 pm

After Dinner Networking

 

Monday, November 12, 2018 - CISO Digital Transformation Summit US West

7:00 am - 7:45 am

Registration and Networking Breakfast

 

7:50 am - 8:00 am

Welcome Address and Opening Remarks

 

8:00 am - 8:40 am

Keynote Presentation

Security's Place in Enterprise Risk Management

While Information Security has existed for decades, Enterprise Risk Management (ERM), as a formal and holistic practice, is much newer yet already has taken pre-eminence over its forebear. What is the CISO, who in many ways has toiled in invisibility, infamy, or ignominy to do when faced with the issue of being supplanted by the Chief Risk Officer, just as enterprise demand for and focus on security has reached all-time heights? Savvy CISOs will recognize this new, broader need for holistic visibility into, and management of, overall enterprise risk and will position themselves for success by looking beyond traditional information security boundaries and engaging business partners around all enterprise risk.

Takeaways:

  1. Just because information security is an aspect of enterprise risk doesn't mean that the CISO needs to take a back seat position
  2. Enterprise risk is defined by the business but needs to be quantified by an expert; CISOs bring risk quantification expertise to the table
  3. The end goal is not about fiefdoms and ownership, it is about improving enterprise value and success; maintaining focus is essential

 

8:45 am - 9:20 am

Keynote Presentation

Case Studies in Digital Transformation: Learnings Along the Journey

We will explore key learnings from various industries and verticals on the good, the bad and the ugly of digital transformation. We will have an opportunity to not only be exposed to successful use cases, but also ask the hard questions behind those successes.

Takeaways:

  1. One of the best ways to learn is to hear the stories of success (and failure) from companies similar to yours.
  2. Asking questions of HOW the journey unfolded are just as important as the end result.

 

9:25 am - 10:00 am

Keynote Presentation

Digital Transformation: A Journey Not a Destination 

There are many forces that are driving companies to continue to transform how they do business. Technological advances such as IoT, AI, machine learning, virtual reality and augmented reality are creating demanding expectations from customers, employees and boards. Adding to the complexity of CIOs and CISOs is the increasing threats to the security of the data that is at the heart of digital transformation. This keynote presentation will focus on the realities that this transformation will never end and it is critical to implement both the mindset and processes to treat digital transformation as a journey...not a destination. 

Takeaways:  

  1. It is critical to realize that digital transformation will never end, but will always be unfolding. 
  2. CIOs and CISOs must implement processes to ensure that not only their departments are forward thinking, but that their entire company is aware of what new technologies can bring to bear for customers and employees.

 

 

10:00 am - 10:15 am

Morning Networking Coffee Break

 

10:20 am - 10:45 am

Executive Exchange

 

Think Tank

Data Security: Cloud Computing, Mobility and Regulations

Sensitive data is being moved into the cloud and accessed by remote or mobile users over public or unsecured networks. As a result, the perimeters of security have to focus on particular control points like identity and data security. CISOs need to know where the sensitive data is, who has the ability to access it, and how well it is actually being protected. Data security priorities are also incredibly heightened by regulations and compliance, such as the launch of GDPR in May. 

Presented by:

Nashira Layade, CISO, Realogy View details

 
 
 

10:50 am - 11:15 am

Executive Exchange

 

Thought Leadership

Knowing Is Half the Battle - Protecting Applications & Their Sensitive Data

Application security testing tools scan your code to reveal the long lists of known vulnerabilities, but not all are remediated before the next release-even with mature secure software development practices. Enterprises resort to using theoretical levels of criticality - not actual risks-to prioritize which accumulated vulnerabilities to fix and in what order. Many vulnerabilities often undergo an exception process and make it into protocol.  

A real-time, embedded solution like Prevoty's runtime application self-protection (RASP) changes the game completely. Prevoty places an automated security mechanism at the front of the line - directly in the application's operating environment - to immediately lower risk and act as a compensating control at runtime. 

As such, Prevoty-enabled enterprises see 98%+ of their known vulnerabilities mitigated instantly, reducing backlogs and expediting an otherwise cumbersome release process. Prevoty RASP detects live production attacks and generates real-time security event longs and reports. Security teams can then correlate pre-production vulnerability scan results with Prevoty's runtime attack logs to go back, remediate based on actual risk - not just hypothetical threats. The result? Improved forensics. 

Sponsored by:

Prevoty, Inc. View details

 
 
 

11:20 am - 11:45 am

Executive Exchange

 

Executive Boardroom

Big Data Analytics - A Fundamental Shift

We have moved from an information-poor to an information-rich society. Practically unlimited availability of data, computing, networking, and socio-mobile connectivity are fundamentally altering our world. In particular, they are enabling businesses to become more effective and efficient by using big data analytics - collecting all relevant data and automating their processing to drive decision-making. This represents a fundamental shift from traditional business analytics where limited amount of structured data is batch-processed to produce standard Business Intelligence reports. We will assess the current state of big data analytics, technology and business trends, and their enormous implications to the future of all businesses.

Takeaways:

  1. How Big Data analytics is different from traditional business analytics
  2. What businesses are getting out of big data analytics
  3. Why Big Data analytics will become critical to every business

Sponsored by:

KnowBe4, Inc View details

 
 

Executive Boardroom

Finding the Right Security Partner: The Difference Between MSSP and MDR

In today's world of increasing cyber threats, selecting the best security partner for your organization can be challenging. With innovative services such as Managed Detection and Response changing the way organizations respond to threats, it's important to understand the difference between traditional MSSPs and MDR providers. This presentation will focus on the realities of using MSSP technologies versus MDR and provide selection recommendation guidelines for CISOs. 

Takeaways: 

  1. Vendors can respond to incidents proactively or reactively  
  2. Not all MDR vendors are the same 
  3. Use a proof of concept to authenticate vendor claims  
  4. Validate the vendors regulatory experience

Sponsored by:

eSentire View details

 
 
 

11:50 am - 12:15 pm

Executive Exchange

 

Think Tank

Measure What Matters- Using FAIR to Manage and Report Risk

As security and technology leaders we often get wrapped up in maturity assessments and qualitative risk metrics that border on guessing.  We've all had a goal of "maturity level 3"at some point in our careers, but what in the world does that mean?  How did someone come up with that?  Instead of playing the guessing game, lets establish some real criteria. How much risk are we comfortable with as a business? How are we developing our controls, spending our money, to manage to that risk tolerance appropriately? Using FAIR, and thinking about the problem a little differently, we can more efficiently spend our budgets and more accurately manage risk.  We'll talk through a few real world risk examples and show some metrics examples to allow for better risk discussion and management.

Presented by:

Matthew Martin, VP Information Security and Technology Risk, LPL Financial View details

 
 

Think Tank

Which

It is not a matter of if, but a matter of when. Organizations, more and more, and are outsourcing business activities to 3rd-parties because of cost-savings, revenue opportunities, expertise, etc. Thus collaborating with our business partners early to select the right 3rd-party vendor(s) with the appropriate security posture is essential, especially for vendors hosting, processing and/or transmitting sensitive/regulatory information, or having access to our IT assets.

Presented by:

Alex Wood, CISO, Pulte Group View details

 
 
 

12:15 pm - 1:30 pm

Networking Luncheon and Panel

Charging Ahead: Speeding Up Transformation Through Disruption

Disruption alters, destroys, but also creates value. You realize the need to act once revenue starts to shift, which is happening at a faster pace than most would think. Disruption can be a great thing if you act upon it, but it's a threat if you watch idly. We will discuss how CIOs and CISOs can be proactive and act on disruption by figuring out how to identify, prioritize and respond.

Moderated by:

Becky Wanta, COO & CIO, One Degree World View details

 
 

Panelists:

Sunil Lingayat, Chief of Cyber Strategy and Technology, T-Mobile View details

 
 

Michael Golz, CIO, SAP

 

Scott Spradley, EVP & CTO, Tyson Foods View details

 
 

Donna Kladis, CIO, Techtronics Industries View details

 
 
 

1:35 pm - 2:00 pm

Solutions Spotlight

Deep dives into the latest and greatest technology solutions to today's business problems.

 

2:05 pm - 2:30 pm

Executive Exchange

 

Executive Boardroom

Year of the Defender - Cybersecurity Predictions for 2018 

Cybersecurity dominated the news cycle in 2017. There were headlines about viral ransomware, global destructive wipers posing as ransomware, leaks of spy tools from U.S. intelligence agencies, and breaches at major companies.  

What does 2018 hold in store for the defenders? Come discuss the largest security trends Cybereason researchers have identified for 2018.

 

Sponsored by:

Cybereason View details

 
 

Executive Boardroom

Navigating Security and Risk In a Changing IT Landscape 

Agile, DevOps, containers, microservices, the cloud are all seeing increased adoption across the enterprise. But, while there are valid business reasons to embrace these new models, there is potential risk in implementation. Is this change necessary? If so, how can this change be accommodated effectively, safely? This session will cover some common elements of the risk of change - and of not changing - and suggest approaches to minimize risk as you adopt these new technologies. 

Takeaways: 

  1. The IT Landscape will continue to change leading to new processes, new technologies and new "standard" ways of doing IT business 
  2. This changing Landscape will present security challenges where you will need to balance the "pain of same" vs the "pain of change"

 

Sponsored by:

Accellion View details

 
 
 

2:35 pm - 3:00 pm

Executive Exchange

 

Think Tank

Designing a Digital Workplace: Balancing Security with Effectiveness

Employees are consumers of digital technologies such as IoT, AR and VR. The plethora of mobile devices has enabled them to work where they want and when they want which has raised the bar on employee expectations for tools and capabilities from their employers. In order for companies to retain the best and get the most out of their employees, it is vital to design and continually update the digital workplace. We will discuss the current trends as well as share case studies of successful digital workplace implementations including how to deal with the inherent security risks of expanded accessibility to company resources.

Presented by:

Mark Van Holsbeck, CISO, Avery Dennison View details

 
 
 

3:05 pm - 3:30 pm

Executive Exchange

 

Thought Leadership

Big Data is all about the Cloud

Of the four disruptive technologies, Cloud and Big Data are the two most top of mind for CIOs, the former because it has the potential to enhance agility and productivity while enabling efficiencies and reducing costs and the latter because it derives insights that drive competitive advantage and increases revenues. As the two continue to grow in relevance and importance to enterprise IT, and indeed to the enterprise as whole, it is only natural that they begin to intersect with the cloud becoming the optimal platform for the delivery of Big Data capabilities, either in-house through the use of IaaS/PaaS or out-of-house through SaaS or Analytics as a Service. IT departments and the CIOs that lead them then need to look to their Big Data and Cloud strategies and determine how best to align them to leverage the advantages where the whole is greater than the sum of the parts.

Takeaways:

  1. Cloud computing is a fundamental enabler of big data and advanced analytics capabilities
  2. IT can, and must, become a leader in enterprise analytical capabilities by becoming a broker of cloud services
  3. Cloud can benefit big data and analytics in a variety of ways with a variety of different delivery models each scaled to individual needs
 

3:30 pm - 3:45 pm

Afternoon Networking Coffee Break

 

3:50 pm - 4:15 pm

Executive Exchange

 

Think Tank

AI and ML: Using Emerging Technologies to Reinforce Security Defense Efforts

Artificial Intelligence (AI) and Machine Learning (ML) both have the capability to greatly improve upon security decision making and incident pattern recognition. CISOs can improve upon being able to recognize exploits and weaknesses within their network by using the advancements of these technologies. With hackers using AI and ML to create malware, adopting these technologies to stay ahead of advanced threats has become a matter of high importance.

Presented by:

Paul Black, VP Cyber Security Operations, McKesson View details

 
 

Think Tank

Patch Management and Endpoint Protection, Diminishing the Advanced Threats

In today's digitally connected world, there's a good chance your information has been exposed at some point. Last year, we saw major data breaches from companies across several industries as a result of ransomware attacks. Ransomware attacks and zero-day exploits have greatly stressed the importance of patch management, endpoint protection or Next-Gen Antivirus (NGAV) to all information security professionals. At a time when cybercriminals are constantly seeking weaknesses in firmware and applications, patching is increasingly crucial. Conclusively establishing your patch management process and having an endpoint protection product should be a high priority.

Presented by:

David Whipple, CISO, Apple Leisure Group View details

 
 
 

4:20 pm - 4:45 pm

Executive Exchange

 

Innovation Partners Showcase

A brief, but compelling review of three new innovative technologies supporting digital transformation.

 

4:50 pm - 5:30 pm

Executive Visions

Securing the Human Factor

The biggest fear is not the technology, it is the mistakes made by the people using the technology that could potentially lead to a cyberattack. The majority of CISOs agree that an employee carelessly falling victim to a phishing scam is the most likely cause of a security breach. Most also agree that they will not be able to reduce the level of employee disregard for information security. How do we guard against human error without limiting employee efficiency and productivity?

Moderated by:

Barbie Bigelow, CIO, Jacobs Engineering

 

Panelists:

Joel Lowe, CISO, Sonic Automotive View details

 
 

Jamie Neumaier, CISO, Erie Insurance Group

 

Jim Kastle, CISO, ConAgra View details

 
 

David Nagel, CISO, Genuine Parts Company View details

 
 
 

5:30 pm - 6:30 pm

Summit Happy Hour

 

6:30 pm - 8:00 pm

Networking Dinner and Panel

From the War Room to the Board Room; Communication is the Key

Digital transformation is changing how you equip your employees and how your company interacts with customers. It is also changing the role of the CIO and CISO to be a business leader and internal sales leader for transformation. CIOs are now responsible for communicating strategies and recommendations to CxOs, boards and key stakeholders within a company. Join us, during dinner, for a passionate panel discussion with your peers as they share how they are successfully communicating internally to accomplish the company's goals.

Moderated by:

Becky Wanta, COO & CIO, One Degree World View details

 
 

Panelists:

Kevin Summers, Group CIO, Avnet View details

 
 

Kamran Ziaee, CIO, CenturyLink View details

 
 
 

8:00 pm - 9:30 pm

After Dinner Networking

 

Tuesday, November 13, 2018 - CISO Digital Transformation Summit US West

7:00 am - 8:00 am

Networking Breakfast

 

8:05 am - 8:45 am

Keynote Presentation

IT Integration in a Distributed IT World

It's no secret - the integration of disparate systems, disparate applications, and disparate data stores has long been one of the biggest challenges faced by the IT department. Simply put, getting everything to talk to everything is no easy task. The rapid adoption of cloud delivered services has compounded this problem almost exponentially - if it was hard to integrate when you controlled the whole stack it has become nearly impossible when you control very little of it. To be efficient and effective IT departments need to adopt a new model of system, application, and data integration. Endless webs of one-off point-to-point integrations simply won't cut it anymore and a purposeful, structured approach is required.

Takeaways:

  1. Learn how to build a holistic strategy to integrate systems, applications, and data
  2. Understand how to leverage SOA and ESB to streamline app to app communications
  3. Discover the power and impact of holistic Master Data Management and other data integration processes
 

8:50 am - 9:25 am

Keynote Presentation

Addressing Privacy on a Global Scale

Of all the risk management issues that present themselves to the modern-day CISO, perhaps the most difficult to address is that of privacy. In and of itself, privacy is no different a challenge than protecting any other sensitive information, however the multi-jurisdictional impacts of the issue due to wildly differing laws between the US and European countries (as well as Canada, another country with strong privacy laws) make this an issue that is often times overwhelming to address. CISOs must work diligently to ensure that their privacy efforts conform with the standards of any jurisdiction with which they might work, where their data might be held and this is an almost overwhelming task.

Takeaways:

  1. Privacy is one of the most challenging issues for any business and CISO to address
  2. The difference in regulations between and among European countries (both those in and out of the EU itself) and North American ones means traversing a fraught landscape
  3. A strong approach to privacy that addresses global differences is essential to being a stable and viable global business
 

9:30 am - 9:55 am

Executive Exchange

 

Thought Leadership

Machines Are Friends Not Foes: Using Cognitive Computing to Assess Threats

Popular movies, books and television shows typically position advanced technology as a threat to humanity and all we hold dear. Yet Cognitive Computing technologies such as Artificial Intelligence (AI), Machine Learning (ML), Natural Language Processing and Augmented Reality (AR) are helping CIOs and CISOs make better decisions faster. We will discuss how Cognitive Computing can help us navigate the acceleration of activity and decisions that we are experiencing on our Digital Transformation journeys.

Takeaways:

  1. New Cognitive Computing Technologies can be unnerving and difficult to trust
  2. Used properly, Cognitive Computing Technologies such as AI, ML and AR can provide data to humans in such a way to enable us to better prioritize the decisions we must make and make those decisions more effectively
 

9:55 am - 10:10 am

Morning Networking Coffee Break

 

10:15 am - 10:40 am

Solutions Spotlight

Deep dives into the latest and greatest technology solutions to today's business problems.

 

10:45 am - 11:10 am

Executive Exchange

 

Think Tank

CISO's Got Talent: Finding, Growing & Retaining the Best People

While new technology and solutions can help CISOs make more, faster and better decisions for an organization, nothing will take the place of a highly talented workforce. CISOs need to be great recruiters of talent but even more importantly growing the skills and capabilities of their team providing engaging and challenging opportunities for people. Competitive compensation is important for retaining great talent but so is a work environment where individual growth and development are front of mind and not an afterthought.

Takeaways:

  1. Highly skilled employees want an environment where they can grow their skills and feel appropriately challenged
  2. Finding the best people, inside and outside of your company, and then providing a path to individual excellence is a key responsibility of CISOs

Presented by:

Allyn Shaw, Managing Director, COO Global Information Security, Bank of America

 
 

11:15 am - 11:40 am

Executive Exchange

 

Think Tank

Shifting Security LEFT

Migrating operational aspects of the Software Supply Chain to the left ensures that concerns are represented as design constraints before they represent too much burden, debt or complexity.  For security practitioners, shifting left is a complete nirvana because it represents the opportunity to see better security in products sooner.  Essentially, security becomes a design constraint.  The shift-left paradigm is also consistent with messaging that requires security to be built into software instead of being bolted on.  

Presented by:

Brian Mork, CISO, Celanese View details

 
 

Think Tank

Navigating Security and Risk In a Changing IT Landscape

Agile, DevOps, containers, microservices, the cloud are all seeing increased adoption across the enterprise. But, while there are valid business reasons to embrace these new models, there is potential risk in implementation. Is this change necessary? If so, how can this change be accommodated effectively, safely? This session will cover some common elements of the risk of change - and of not changing - and suggest approaches to minimize risk as you adopt these new technologies.

Presented by:

Dennis Spalding, CISO, Insight Enterprises

 
 

11:45 am - 12:20 pm

Closing Keynote

Shadow IT - To Embrace or Eliminate?

Best practice in most enterprises, at least as far as the CIO and CISO goes, is to squash Shadow IT wherever it is encountered. Shadow IT, the argument goes, leads to a world of data and integration problems for the IT department, and significant amounts of unknown and unquantifiable risk for the information security group. A small but vocal minority however is beginning to advocate for Shadow IT as a catalyst of innovation, citing the increases in productivity and creativity by allowing enterprise staff to find their own out of the box solutions to organizational problems. CISOs can allow their organizations to have their cake (Shadow IT) and eat it too (still be secure) by following a few simple steps that allow them to build in security regardless of user activity.

Takeaways:

  1. Shadow IT is not malicious activity; it is simply the Line of Business user community looking to be efficient and effective
  2. A well-developed security program can take Shadow IT into account and incorporate protection mechanisms that allow end user flexibility
  3. Embracing Shadow IT does not mean no holds barred and end users need to understand the limit of the boundaries and the reason for their existence

Presented by:

Rich Armour, CISO, General Motors

 
 

12:25 pm - 1:00 pm

Networking Luncheon