



Do you know who the new Guardians of the Galaxy are? It’s the morally upright CISOs

Apr 16, 2018 | 6 mins
Data and Information Security, IT Leadership, Technology Industry

The digital consumer’s new best friend in large enterprises is the CISO – the custodians of the enterprise assets are now expanding their vision to include your and my data (at least the morally upright and forward-thinking ones)

Credit: Marvel's Guardians of the Galaxy TTG

If you have no clue what I am talking about I promise to make amends in a minute or less. Yes – I am referring to the amazing superheroes from the Marvel series who – and this is taken verbatim from Wikipedia – “form a team of interstellar heroes that will be proactive in protecting the galaxy, rather than reacting to crises as they happen.”

Well, the new galaxies in our digitized and artificially intelligent world are the Facebooks, Googles, Amazons and Alibabas of the world. And pay attention to that telling phrase: “proactive in protecting rather than reacting to crises as they happen.”

The image of a guardian conjures up images of celebrities or politicians with able-bodied musclemen scowling at everyone. But did you know that all of us consumers – anyone who uses Facebook, or any other app on a large platform – have a guardian as well? This guardian may not be someone you have ever met (or ever will), and you may even be surprised at the title she holds. This bodyguard may not prevent bodily harm or injury, but they will protect your most important asset – your data, which arguably may even be more important than your body in this digital age.

The consumer’s definition of security is dated and needs to be refreshed

For the longest time as consumers, our digital asset defense was laughably limited to running anti-virus or, for the more technically minded, a home firewall to “protect” us from the bad. With the advent of the smartphone and other connected devices, this form of protection started showing signs of strain and was not quite prepared to handle the onslaught of these connected devices. But arguably our most important assets were being siphoned unnoticed. What am I talking about? Our Google searches, our Alexa queries, our Facebook likes and our Tweets are all constantly being stored and analyzed in the cloud – specifically on the platforms that these large hub economies provide.

If you don’t see it, you don’t care

And this critical data has not been given much attention at all. It is important to understand why this may be the case. One possibility is that we can see our smartphones and laptops; there is a constant visual reminder of an asset that we cherish and that therefore needs to be protected. Our data, on the other hand, is ephemeral and transient, coupled with an unconscious bias of trust that we have accorded the collectors of this data – the Facebooks of the world. But all that came crashing down in the 2nd week of March, 2018 with the Facebook + Cambridge Analytica bombshell. Our trust was completely violated.

Cambridge Analytica + FB demystified

In summary, this is what happened: a 3rd party Facebook app called “thisisyourdigitallife” was able to worm its way beyond the 270,000 users who installed this nefarious app to over 50 million users, and gleaned a lot of data from this mammoth community! And the data was sold to Cambridge Analytica, which used it to create psychographic profiles including really intrusive behavioral tendencies like openness, neuroticism, life satisfaction, political views etc.

Our morally upright CISO – Alex

And the pushback against what was happening came from the unlikeliest of sources inside Facebook. That guardian – believe it or not – happened to be the CISO of Facebook – Alex Stamos.

Alex apparently wanted to come clean and inform the consumer – the world – about the leakage of this data and the failed attempts by Facebook to have this data deleted. He lost, and is now on his way out. Therein lies the hint of who the Guardians of these digital Galaxies may be. Yes – it’s the CISO, or the Chief Information Security Officer.

The CISO’s mandate – redefined for the social age

This is not a situation unique to Alex or Facebook. Every CISO of a large enterprise is, and will be, faced with this dilemma. Why? Because the original mandate of the CISO – to protect the enterprise assets – is no longer confined to that alone. The rampant collection of end-user data – yours and mine – means that the assets that need to be protected have exploded far beyond the original mandate and extend into this explosion of customer data. And this brings full focus to the dilemma that the CISO faces. She needs to embrace (as Alex did) that the protection of customer data is within her scope, and guard it zealously. In the event of any breach, she needs to do the right thing and disclose it right away. And, even more far-reaching, she needs to limit the amount of customer data collected, as this reduces the aggregate amount of data to be protected.

The battle lines inside an enterprise are becoming uncomfortably hot

But will this not pit her (or him) against the business folks who want this data to maximize insight and micro-targeting to drive revenues? Yes – since business goals are never about protecting consumer data (unless that is the business you are in) but rather about collecting gobs of it, running algorithms and using predictive models to advance the business goals. So there will be two sides, and the lines are getting drawn.

Is there a compromise that will keep us safe without data inundation?

Could there be a middle ground? I believe so. But that would require transparency – the kind that allows the end user to adjust the dial of what they are and are not willing to share and, in exchange, see the benefits of what they are sharing. The moral and ethical guidepost remains that all the data that is shared will need to be protected at all times. And this protection would be entrusted to our new best friend – the CISO. The morally courageous ones will be fighting a battle – a lonely one – to do the right thing. Like Alex did.

We are certainly entering an interesting era. One without precedent, and one that certainly looks to be a roller coaster ride. As consumers, let us give a shout out to the courageous #CISOs like Alex Stamos – who are putting their ethics and morals ahead of their careers and the business myopia. These new guardians of the galaxy will be the saviors.

At least that is my hope!


Ashwin Krishnan is the COO of UberKnowledge, a cybersecurity knowledge sharing, training and compliance organization.

As a former vendor hi-tech executive in the cybersecurity and cloud domain he has turned writer, podcaster and speaker. His focus is on simplifying technology trends and complex topics such as security, artificial intelligence and ethics through enduring analogies which he shares on his blog and his talks. Ashwin is the author of “Mobile Security for Dummies,” and as a recognized thought-leader he contributes to a variety of publications, including Entrepreneur Magazine.

Ashwin is a regular host with CISOs on podcasts such as the Cyber Security Dispatch where he bridges the education gap between what the security practitioners need and what the vendors provide; as a tech ethics evangelist he is frequently on main stage at conferences educating and empowering consumers and vendors alike on the role of ethics in tech; his recent speaking engagements include the Smart Home Conference, Fog Computing Congress, and the Global AI Conference.

The opinions expressed in this blog are those of Ashwin Krishnan and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.