Machine learning, artificial intelligence, the internet of things -- today's innovative tech might rattle the nerves of some digital security professionals, but not Alissa Johnson. The Xerox Corp. CISO and former deputy CIO in Barack Obama's White House believes machines acting on data can deliver tremendous value for organizations. But first, the data must be protected "so that we can be dependent upon it, and then we know that the machines are doing the right things for us."
SearchCIO spoke to Johnson on the sidelines of Gartner Symposium/ITxpo in Orlando, Fla., earlier this month about protecting data integrity and maintaining a balance between good cybersecurity and company innovation.
"We're in an age now where the CISO and the security group have to be able to enable," Johnson says in this video. "You allow a company to be able to innovate, but you have to be able to talk about risk and risk mitigation."
What about innovative tech today scares you the most?
Alissa JohnsonCISO, Xerox Corp.
Alissa Johnson: I think the innovation now is really dependent upon good data. So even if you think about, when we talk about machine learning, when we talk about AI, all of that's based on good data. So in my mind, the way the world works is, you have all of this machine learning -- you can do great things with it, but there's also the integrity of the data that you have to take into consideration.
And so that is now going to have to have a lot more protections around it, a lot more security controls around it to ensure that the data has the right amount of integrity so that we can be dependent upon it, and then we know that the machines are doing the right things for us.
How do you strike the right balance between innovation and cybersecurity?
Johnson: I think we're in an age now where the CISO and the security group have to be able to enable. Technology is an enabler, of course, but security is the differentiator. And so we have to be able to speak in terms of risk, speak in terms of risk mitigation, and so I think that's how you strike the right balance. You allow a company to be able to innovate, but you have to be able to talk about risk and risk mitigation, and that's data risk and enterprise risk, as well.
Xerox Corp. CISO Alissa Johnson discusses the hardest piece of cybersecurity management, people and how to make it simpler in this SearchCIO video.