Overcoming Islands of Knowledge: American Airlines’ DevOps Transformation (RSA 2016)

Guest blog by David Spark, Spark Media Solutions

“We want to get out of their way once they’ve passed through the architecture gauntlet,” said Dan Glass (@djglass), CISO, American Airlines.

In our conversation at the 2016 RSA Conference in San Francisco, Glass said that after they talk to the business units about their goals, they offer up security architecture requirements and then they’re hands-off. They want to avoid any pre-deployment toll-gating, which would just slow down deployment.

Even in their effort to make the business faster, one of the major complications American Airlines faced, said Glass, was stove-pipe issues. There are so many different IT divisions that support different verticals, such as crew and flight systems. Each one has completely different drivers and platforms. Security’s goal is not to break down the stove pipes, but rather to figure out how to work within all of those stove pipes.

“Some of the other challenges that come from stove piping are islands of information, islands of knowledge, and islands of capability,” said Glass.

Given that his team has a foot in all the different groups, they’ve been able to facilitate a conversation between the stove-piped divisions. To extract all this knowledge and capability within each stove pipe, American Airlines embedded more security professionals within each stove pipe.

When I asked Glass how important the cloud has been to his business, he said that the cloud is another way of deploying.

“SaaS has really helped airlines I think be able to figure out what are the things we want to develop as a software shop, as an IT organization,” said Glass. “What drives business value? And what things can we hand to somebody else and say, ‘Please handle this for us because this really isn’t our core competency and we’re really burning resources.’ That’s where I see the value of cloud.”

