Do content delivery networks need a Chief Information Security Officer (CISO)? Cachefly, Mirror Image, and others private CDNs don’t really need a CISO, since ownership is in the hands of one individual, or handful of individuals. If a breach occurs with the private CDN, they lose customers, their reputation suffers, and life goes on. On the other hand, a CDN that is venture backed needs a CISO. Someone needs to be held accountable if there is ever a severe security breach. Investors will want answers for the breach, and most likely heads will roll. If there is a CISO on staff, they will be held accountable. However, if there is no CISO, than the CEO will most likely be held accountable.
What is a CISO
First, lets start off by saying who is not a CISO? The VP of Engineering, VP of Networks, VP of Architecture, or VP of Infrastructure is not a CISO. Having the technical aptitude is one requirement, but experience with Privacy, Policy, Procedures, Incident Response, and Governance are the other requirements. The CISO is an executive with vast experience working in the Infosec space. The CDN CISO is responsible for creating and managing global security policies, guidelines, governance, incident response, and procedures for all things security. These skills is what separates a CISO from a VP of Engineering. If I’m a venture backed CDN, and I don’t have a CISO on staff, I would go out, and find one immediately, knowing that my neck is on the line if there is a major breach. Do CDNs Need a CISO