31 Dec Cisco’s CSO of Global Value Chain On How To Protect A Worldwide Family
Edna Conway on developing relationships and working collaboratively with trusted partners to mitigate threats
– Casey Crane
St. Petersburg, Fla. – Dec. 31, 2019
From smart watches to smart office technology, connected devices have rapidly become a part of everyday life in our modern world. Gartner forecasts that there will be 25 billion connected devices by 2021.
At its core, the Internet of Things (IoT) represents an industry of connected or “smart” devices that aim to make human lives more convenient and businesses more efficient. And with these connected devices come risks as well as opportunities. But according to Edna Conway, many organizations focus so much on the former that they tend to neglect making the latter a priority.
And she should know. Conway is chief Security Officer (CSO) of Global Value Chain for Cisco, the global technology leader with more than 71,000 employees worldwide. She’s held several positions at Cisco over her 19 years with the company. In her current position, she drives Cisco’s supply chain cyber and security protection plan through the company’s channel partners and suppliers. Conway says that she thinks about IoT in terms of how it helps us thrive in the modern world and the opportunities for partnerships it provides.
We caught up with Conway at FutureCon Boston in the fall. Scott Schober, author of the book “Hacked Again” and the chief media commentator for Cybersecurity Ventures, sat down with her to discuss some of the challenges and opportunities for businesses in our hyper-connected world.
Dressed in a smart cowl neck top, jacket, and matching pearl necklace and earrings, Conway is an incredible mix of intellect, warmth and confidence. And it’s clear that she has a passion and drive for what she does — both of which come through in the interview. She shares her expertise and industry insights along with a healthy helping of effective analogies to drive it all home.
As a whole, the interview is truly a conversation about the challenges and opportunities facing the IoT industry. It’s about building relationships, recognizing the importance of asking questions, and understanding what the future looks like for enterprises and consumers alike.
Unlike many who view IoT security in terms of fear of damage or risk, Conway says straight out the gate that she likes to view security as the way in which we thrive in the economy in which we currently operate. It’s all about focusing on it in terms of opportunities and not just its challenges, although they’re something to still keep in mind.
“We live in a world where people talk to machines, machines to people, machines talk to machines at speeds beyond human comprehension,” says Conway. “How do we actually leverage that for the true productivity that it can provide to us?”
As the Global Value Chain CSO, Conway’s in charge of strategizing and partnering with third parties who are part of the company’s global ecosystem, which includes organizations that are involved in any stage of the lifecycle of a solution. This is much larger than just hardware and the supply chain — she views it as a worldwide family. As such, she says that all of us together have two main goals: to secure our enterprises, and to ensure that trust, integrity, and security are integral to everything we do and any solutions we offer.
For Conway, it’s about focusing on developing relationships and working collaboratively with trusted partners to mitigate threats and benefit everyone involved. Part of this is knowing how to communicate with different groups that are involved and getting them on the same page. For security-minded groups, she focuses on three threats: manipulation, espionage, and disruption. For the rest of the world, however, she explains that there are four exposures: tainted solutions, counterfeit solutions or diversions, misuse of intellectual property, and a lack of security hygiene.
Another key part of the collaboration equation is recognizing and relying on team members’ expertise.
“We have the privilege of working with some of the best in the world at what they do,” she says. “So what we’ve tried to do is write the architectural implementation requirements to the optimum extent possible.”
Schober and Conway discussed the importance of asking questions both from the perspective of enterprises and consumers — particularly concerning issues of data security and privacy. It’s no longer enough to just deliver something that’s fun or convenient; it also needs to be secure, vetted, and something one can stand behind.
This means that while it’s great that smart refrigerators can tell us what we need when we’re already at the store, and while we can monitor the security of our homes while in another location, it’s also important to recognize that means others potentially can as well. There needs to be an appropriate balance — something that everyone in the circle needs to keep in mind.
“We, as enterprise users of third-party platforms, or even as consumers, really need to think together about what kind of questions we ask,” cautions Conway. There’s a growing need for looking at platforms and technologies that emphasize convenience with a security lens without allowing it to stifle creativity and innovation.
Schober shared his excitement about the future and what the world’s consumers have to look forward to in terms of integrating wireless technology in our everyday lives. Everything we know and are doing today will be drastically different as new technologies increasingly become part of our lives. However, he and Conway are in agreement that we as a global society need to teach caution to the younger generations that are the world’s first truly digital natives.
Virtually every society teaches their children to look both ways when they cross the road. But Conway wonders whether all of us collectively are doing enough to teach them about the dangers of modern technology.
“How much have we really done to give them the ammunition they need to be smart, educated, and actually appropriately wary, risk-based decision makers in a digital and hyper-connected world?” Conway asks. “I’m not sure we’ve done that as well as we could. And that’s our burden to do individually, at the education level, with nation states in terms of what they deliver to their citizens. But at the end of the day, it’s all of us together.”
Throughout the interview, Conway highlighted the importance of mindsets: Having a mindset that is opportunity-focused and not just risk-focused. Having a global mindset that focuses on collaborative partnerships with third-parties — the team and family perspective — to make things better together rather than operating individually.
Conway also points back to the third-party ecosystem she discussed at the beginning of the interview. “We need to think about the way in which we approach it with the mindset that it’s not about where, it’s about what you do and with whom. If you’re doing it right, ‘where’ doesn’t even matter.”
To find out more about what Conway and Cisco are doing, check out the Cisco Trust Center website. There, you can find out about their entire approach to trustworthy systems and integrity. Be sure to also check out the Global Value Chain Security Program website as well for additional information, infographics, and video resources.
– Casey Crane is a freelance writer.