- [Narrator] It's lunchtime and this is Brad Anderson's lunch break. (playful music) Two of my favorite things about Microsoft are the smart people that constantly visit campus, and the great fleet of shuttles. Whenever I can, I try to take advantage of both of these things and I grab lunch with some of the tech industry's best and brightest. (playful music) Today I'm talking with Mauricio Guerra, the Chief Information Security Officer at Dow Chemical. (playful music) (greets in foreign language) - Hola, Brad. Nice to meet you. (speaks in foreign language) - [Brad] Dow Chemical, one of the biggest chemical companies in the world, you make plastic, you purify water, you're in agriculture, fifty four thousand employees, one hundred and twenty year old company, and you've got to keep it all secure and safe. So if someone is watching this and they've got a set of executives that really, you know, have some misunderstandings or just don't have the awareness of cyber security and cyber threats, what advice would you give them in, you know, an IT professional, in educating their managers or leaders? - The most effective way, but of course is the way that we don't want, is learning the hard way. - Yeah. - Is learning the hard way, after the fact, after a couple of incidents, but what is effective is bringing an external perspective. So I myself have a more positive, constructive way to do it. Inviting external, well established companies to present to the board of directors. - So we're gonna play a little game called this or that. And so I'm gonna give you two different things that I'm going to give you a description and you're gonna tell me which one of those matches the description. - [Mauricio] Okay. - [Brad] Okay. Now I want you to tell me if I'm describing a blind date or a proof of concept for some kind of a security offering. - Okay. - [Brad] First, you can't believe you let someone you trust talk you into this. - I would say my initial answer was both. - Yes. - I mean it can go either way. Cannot play for both. - Yeah. Perfect. That's exactly right. - Okay, more than a few times you've wondered, am I better of with familiar disappointments, rather than new adventures. - Oh I'll go for the second one. (laughing) The proof-of-concept. - That's what I thought too. You get stuck with the bill at the end. (laughing) - Okay, okay. Proof of concept for sure. Blind date very likely will be as well. (laughing) - [Brad] Yeah so one of these that you've mentioned that I thought was really interesting was you know, the move to the cloud, more and more mobile devices being used, what you're being asked to protect is expanding and it's going outside of the traditional confines of the perimeter that, you know, we've all used for security. Now, you know, Dow, big user of Office 365, big user of enterprise mobility and security, what kind of a role did you play as these decisions were being made to move to these cloud services? - [Mauricio] We understand the value of cloud, we have a vision that in two, three years eighty percent of our information will be.. - Eighty percent? - in the cloud, and we are moving aggressively into that direction. So the way we are approaching cloud, we said, okay, let's do it in an organized way, meaning that we will partner with enterprise class providers. - Yup. - That's kind of the first key topic, I mean, instead of going here and there, we pick few cloud suppliers and say, okay, we will partner with those. After that, we will look for industry certifications, making sure that cloud providers, like Microsoft, give us good certification, industry certifications, SOC reports, that helps us feeling more comfortable that our information is in good hands. After that we need partnership, that's the type of partnership that we have established with Microsoft, meaning that we have permanent dialogue, that you keep us updated on what you're doing, what is our new roadmap in the cloud, what is the roadmap in collaboration tools, what is the roadmap for digital transformation. Understanding that cloud needs to mature. We are in the early stages of cloud. The basics are there but there is more that needs to be done in the area of security. Directionally, I do believe, or we do believe at Dow, that's the way to go. And as a matter of fact, that's what the IT industry is going to be doing. - Everyone's gonna head there, it's just at what pace. - It's just when. (playful music) - [Brad] Next time on Brad Anderson's lunch break, - [Mauricio] Cyber security is not implementing a couple of firewalls here and this and that and that. It's making sure that from the executive level down the companies understand and properly manage their risk. (playful music)
No comments:
Post a Comment