Best moments from “Hacking Sprawl” – CISO Series Video Chat

Here are five of our best moments from the CISO Series Video Chat: “Hacking Sprawl: An hour of critical thinking about how to manage everyone’s ability to harness and deploy computing power.”


Our guests from this discussion were:


HUGE thanks to our sponsor Kenna Security

Kenna Security, now part of Cisco, is the pioneer of risk-based management. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. It leverages machine learning and data science to track and predict real-world exploitations, empowering security teams to focus on what matters most.

Best Bad Idea

Congrats to a mystery attendee for winning this week’s Best Bad Idea.

Other honorable mentions go to:

“Only allow provisioning requests to be approved on days when the Bitcoin price is up (so that budget will cover it).” – Michael Williams, director of product marketing, Laminar

“Combat data sprawl by deleting all data that is over 30 days old. Saves time and money – win win!” – Michael Williams, director of product marketing, Laminar

“Manage ‘accepted levels of sprawl,’ and allow up to 25 tools. When you pass that, the oldest one gets deleted/the contract is cancelled.” – Bryn Ossa, enterprise customer success manager, Elevate Security

“Company sprawl contest. Give every marketing and sales employee a $500 gift card and encourage them to purchase and install as many apps as possible. Winner gets a 1:1 dinner with the CISO.” – Dutch Schwartz, principal security specialist, AWS

10 percent better

“Do a financial audit to look for duplicate purchases against the same vendor and try to consolidate.” – Duane Gran, director, information systems and security, Blue Ridge ESOP Associates

“Have a company-wide ‘IT request portal’ that funnels all requests for software/products/platforms to be prioritized by business leaders for IT to procure/deploy/support.” – Jonathan Waldrop, senior director, cyber security, Insight Global

“Incentivize managers to move these SaaS expenses to IT, thus relieving pressure on their own budgets.” – Dennis Huck, SVP technology and information security, Day One Agency

Quotes from the chat room

“There is a class of sprawl that is just disused, abandoned tech that the tech team forgot to decommission. Targeting this is a quick win to reduce risk (and reduce power consumption, so ESG win too) if you can spend some time on it.” – David Peach, CISO, head of information risk, The Economist Group

“Monitoring of tech spend on corporate payment cards is a legit way to detect this sprawl.” – David Peach, CISO, head of information risk, The Economist Group

“Sprawl is how the enterprise explores solution spaces. It exists because the effort/cost/delay of discovery is higher through centralized IT.” – Phil Wolff, co-founder, Wider Team