Choose Security You Can Count On
Responsiveness is a critical factor in vendor selection and takes into account the essential requirements of a company’s security as well as budget criteria. In an interview with CIOReview, Gary Eppinger, Global Chief Information Security Officer (CISO) and Corporate Privacy Officer, Carnival Corporation, explained the importance of efficient cybersecurity for an organization.
The advent of technologies such as AI, IoT, blockchain, mobility and robotics is creating innovations at breakneck speeds and scaling the peak of human history. However, debates about these significant technological changes having profound effects on the way we work, socialize and interact are gaining momentum. Indubitably, business models have transformed because of these advancements, but at the same time, security has risen to the top of the boardroom agenda globally.
Gary Eppinger, global chief information security officer and corporate privacy officer for Carnival Corporation, shares his valuable insights on cybersecurity and the need for thinking outside the box when choosing an appropriate vendor. For context, Carnival Corporation is the world’s largest cruise company, with nine global cruise line brands. Its brand portfolio includes its namesake brand Carnival Cruise Line, Cunard, Holland America Line, Princess Cruises and Seabourn in the U.S.; AIDA Cruises in Germany; Costa Cruises in Italy; P&O Cruises in the United Kingdom and in Australia.
How critical is cybersecurity for your business?
In my opinion, cybersecurity is mostly a reactive component of businesses and should be addressed proactively as a strategy because of the underlying security risks. For us at Carnival Corporation, we are integrating cybersecurity into all areas of our business, including taking important steps for the future. From protecting our customers’ data related to day-to-day activities and interactions with our brands, to overseeing business strategies, we are constantly assessing and incorporating novel methods of security to protect our assets. As ours is a legacy sector, it is imperative for us to introduce newer technology-aided interactions for our customers while maintaining a legacy environment.
What do you expect from the vendors when it comes to enterprise security?
When it comes to enterprise security, the stakes are high, much as they are in choosing an appropriate vendor. A single breach can have a wide impact on an organization, resulting in reputational damage as well as financial damage. The fact is that cybersecurity is something that companies cannot afford to get wrong, and an expert partner can make all the difference in ensuring the safety of your business. But, with so many players in the marketplace and an array of security offerings, it can be a complex process to find the right partners that fit an organization’s needs. When it comes to choosing a vendor, my recommendation is to consider some of the most critical factors, including responsiveness, service range, accountability, longevity and financial viability.
Responsiveness is a critical factor in vendor selection. This aspect takes into account the essential requirements of a company’s security as well as budget criteria. The vendor’s ability to provide an in-depth range of services that cater to the security needs across various companies is a crucial consideration in selecting a solution. These can be specific services such as virtual private networks and firewalls, as well as threat and vulnerability management. Additionally, more advanced solutions like security information and event management (SIEM), identity access management and cloud security are included in this service. As the industry is looking for seamless integration that would help to mitigate threats caused by blackhats, vendors are looking for mergers and acquisitions. So, from a strategy perspective, we as an organization are looking for standardization. And this applies to almost every industry vertical.
We adopted this strategy because it enables us to leverage one tool for multiple purposes. With many solution providers offering security tools and services that have a range of functionalities, it is difficult to choose one that would exactly match a business requirement. This is where mergers and acquisitions help, providing access to tools and solutions that have seamless integrations and capabilities.
How does accountability become a critical facet while choosing a vendor?
Accountability becomes a concern when the data attains a monetizable value in the marketplace. This is true for all organizations because every company owns data that adds value to its business. It is essential that vendors accessing the firm’s network be required to sign contracts and other agreements that ensure compliance with organizational security policies. Actions taken to this end can protect both the customer and the vendor while mandating the latter’s accountability and responsibility for delivering security as a service. Certifications and industry credentials also matter. Proper research into the credentials, testimonials and certifications of the vendor enables companies to evaluate the depth of expertise and knowledge of a potential partner.
Cyber attacks have become automated processes that stay hidden for a while and strike when the time is right. Blackhats are using some of the most sophisticated technologies in the world to find a backdoor entry to a network. Deploying a global security team that ensures 24/7 cybersecurity coverage, monitoring and quick response regardless of location is the only way to prevent unauthorized network access perpetrated by cyber criminals. This real-time intelligence provides rapid threat detection and prevention.
Can you tell us about the cybersecurity model that you have adopted for your business?
Because we are focused on the tourism sector, we need to process a massive volume of customer data that includes their day-to-day activities, payments, feedback and billing, to name a few. It is essential for us to protect this customer data, as it seriously affects our business. From making payments through credit cards to submitting a feedback form, we take the protection and security of our customers’ information very seriously. We integrate the multiple acquisitions that we have done over the last 25 years into an environment that supports communication, collaboration and coordination.
Regulation and compliance practices across the globe are changing rapidly. Controls such as the General Data Protection Regulation (GDPR) put more responsibility on organizations and increase the rights of individuals. Besides expectations, compliance causes some concerns about the security teams. For instance, GDPR takes a comprehensive view of what constitutes personal identification information. Companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and social security number. We have incorporated security in every process that we implement in our company. SaaS is making things easier by providing services that can be easily deployed and implemented.