Issue link: https://securitytechnologyexecutive.epubxp.com/i/870734
www. SecurityInfoWatch.com • September/October 2017 • SECURIT Y TECHNOLOGY E XECUTIVE 41 To achieve that ideal state, organizations must adopt a process or methodology: A path to value ASG, my company, created a methodology 15 years ago called the ASG Path to Value. It has been instrumental in creating value for our clients. It also has fueled corporate growth and influence in the risk, resilience and security market. In this methodology, there are interlocking steps. Each step represents a professional discipline that is cultivated inside ASG. Each discipline is measured on their performance executing to their discipline as well as their collaborative partnership and com- munication with the other disciplines. My role in the ASG Path to Value demands a thor- ough knowledge of each step. But everything starts with the business of security within the business. We call this the 'Business Baseline' and it provides the client assurance we know their business, their core operating processes, their all-hazards risk and their alignment of value with their organization. We spend a great deal of time getting to know the busi- ness, their challenges and risks before we even start to work on a strategy to migrate their risk. Because of this, my team becomes intimately familiar with Security Operations Centers inside data centers; the velocity of change in their indus- try, the impact of emerging technology on how they organize their people within a process, and how they are impacting the competitive position of their organizations. There are two distinct business models for data centers. One is the Managed and Owned facility. This is where the SOC is dealing with the security of their own people and assets. The second model is focused on leasing space; sometimes just a cage. This model is experiencing rapid growth, in part, due to the new emphasis on big data and hosted and managed services. The latter model is built to be modified and tailored for retail space. However, the model has matured, in many cases, beyond selling racks and rooms. Data is critical to the success of their cli- ent's business model. The speed by which they can access the data, protect the data and create a force multiplier for the business are all value drivers for the model. Velocity, veracity, value. For ASG to be successful we need to be able to help our clients quickly adapt to fast-changing mar- ket and dynamic risk conditions. Our clients are being measured on Time-to-Value in the onboard- ing of their clients. How quickly you respond to a client's needs and how flexible you can be will help attract more clients. To help them we have created a minimum standard template which is our launch pad for innovation. Everything we learn through the ASG Path to Value within the market and with specific clients feeds the business and operational intelligence of our approach. But it always starts with knowing the business. And from there the business of risk and security." The template includes addressing such issues as: • Controlling traffic and access. We have to set up a workflow for access. How will the right people get to the right location at the right time? Then we can integrate the risk mitigation strategy in the context of the business. This can be challenging. We need to ensure we comply with the regulatory environment as well as the internal control standards. And yet give clients and visitors a smooth pathway to their intended stop. • The Perimeter. What kind of cameras will fit the workflow and the control standards? What kind of fencing is required to ensure a vehicle cannot blow through? • The Cyber threat. In reality, most compa- nies still have not converged the disciplines or the technology. It can be done, but it requires a better analysis of the productivity savings and the overall risk mitigation efforts to offer it to the business. There will be a day when we are asked to merge the risk picture and coor- dinate the analysis and the response. Today we have RFID on the credential, which allows access, tracks location and allows machine login to certain areas of the data halls and other secure areas. We also are asked to construct a data model that represents the workflow and the key decisions that need to be made at any given point in time. Con- sider this an intelligence roadmap. In this approach, we are constructing how situational intelligence is gathered through different databases and how it rolls up to an actionable response. For example, environmental conditions can impact a data centers Our clients are being measured on Time-to-Value in the onboarding of their clients.