During a recent panel discussion at the Information Systems Security Association (ISSA) conference in Anaheim, Calif, leading CISOs agreed big changes are afoot in their organizations -- and resistance is futile.
Among other things, they expressed concern with the tight IT security job market and how millennials are forcing a major cultural shift in the enterprise.
CISOs also said they face significant budget pressure, and no sector is immune. "If you are in the healthcare industry you are in the midst of serious economic change," said Eric Cowperthwaite, chief security officer at Providence Health & Services, who spoke at the Embracing Change panel, moderated by Bob Bragdon, publisher, CSO Magazine and CFOworld.com. Panelists also included Jack Jones, former senior VP and CISO, Huntington Bank; Tammy Moskites, VP and CISO at Time Warner Cable and Robert Pittman, CISO at County of Los Angeles.
More from Eric Cowperthwaite: " Providence Health CSO on Recovering From HIPAA Violations"
For instance, while it was once widely assumed that the healthcare industry was immune to economic downturns, the recent recession has proven such notions untrue, Cowperthwaite explained. "It turns out that long term unemployment impacts healthcare. That's driving us to think about how to provide care when we have to provide a lot more care for people who don't have means to pay for it."
The financial industry is also feeling the squeeze. "Financial institutions have had their profit margins squeezed so thinly it affects everything we do, including access to resources," said Jones. "The threat landscape and the number of external regulations also squeeze resources so that we have to do more with less."
"The new generations, they were born into computers," said Pittman. "They've always known mobile computing, the iPhone and now the iPad," he said, making it clear that it's unlikely that this upcoming workforce is ready to tolerate antiquated technology to do their work.
"Everyone wants their own device," said Moskites, which she stressed as not always a reasonable expectation. "Personally, I have my own device I also use a corporate device. I keep my worlds separate. But the millennium generation doesn't see it that way," she said. Moskites relayed a story of a new hire to her team who had come into her office and wanted to know where his new MacBook Pro and iPhone were. "I need a Mac and an iPhone he said. I told him this doesn't always happen in real life. He was visibly shaken," she said.
"To Millennials the core value is social value," said Pittman. "It's wrapped in social media and the social network. These individuals 31 years old and younger are driving BYOD, and all of this social interaction is influencing the technology we use, big data, regulation, and even privacy," he said.
The changes the younger IT workforce are bringing to organizations is only part of the challenge. Another is the difficulty most panelists described in finding security personnel they viewed as qualified. "I have more positions that will be open [soon], and I will have a difficult time finding qualified people for those jobs," Moskites said.
When it came to cloud computing, Jones succinctly summed up the opinions of the panel on its enterprise impact: "That train, cloud computing, has left the station. We can be on it, or under it, or in front of it. This stuff [cloud] is going to happen." George V. Hulme writes about security and technology from his home in Minneapolis. You can also find him tweeting about those topics on Twitter @georgevhulme.
Read more about application security in CSOonline's Application Security section.