CISO-CIO rapport at AstraZeneca shores up cloud use, security- Valutrics

That’s why IT security needs to be woven into the fabric of the company, with cloud services monitored and governed through company policies, Smoley said. It’s also why, in 2014, he brought over a former colleague from his previous employer, Flextronics International (now Flex). That was Haskill, who got his start at the electronics manufacturer 17 years ago working on servers and software and rose through the ranks to CISO.

Dave Smoley

“He’s a very strong technologist and very experienced,” said Smoley, who led IT at Flextronics. Haskill learned the business by doing, “having his fingernails dirty, repairing PCs, all the way up through the IT organization.”

For Haskill’s part, he and Smoley got along well in the past and developed a bond of trust, he said, which shows in the present.

“He knows how I’m going to react in certain situations; I know how he’s going to react in certain situations. I know what he wants,” Haskill said.

Their CISO-CIO collaboration began as soon as Haskill started three years ago — “I knew even before I was hired at AstraZeneca what his strategy was going to be,” he said of Smoley.

His first challenge was convincing business leaders in the highly regulated pharma industry that moving to the cloud leads to benefits like faster implementation of new technologies and initiatives and lower overhead costs. And also that big cloud vendors, such as Amazon and Microsoft, can better protect their data and applications than data centers can. Some folks are still squeamish about sending data into the cloud, though — something that Haskill is working to dispel.

“As long as the compliance, security, the normal things around patching, pen testing, vulnerability scans — [if] all that is in place, why should they even care where the data goes? And so that’s what we’re trying to migrate to,” Haskill said.