Zayo’s New CSO Takes Security to the Next Level

Dale Drew is Zayo’s new chief security officer, with more than 30 years of experience in developing critical global security programs. Prior to moving into the private sector, he worked for the U.S. Secret Service, spearheading Operation Sundevil — the nation’s largest computer crime investigation — and ran the Arizona state forensic lab as part of the Arizona Attorney General’s Office in the Organized Crime Division. He then spent much of his career protecting large telecommunication backbone networks. Now at Zayo, he plans to use his history of building industry-leading technology, operations and compliance organisations to provide transparency to clients while disrupting the industry. We talk to Drew about his new role at Zayo and his plans for the future.


Why CSO? It’s a new role for Zayo, and it demonstrates the company’s maturity. In my role, I have several primary functions: I’m responsible for the logical security of the company and the brand; I’m also responsible for the company’s corporate infrastructure, the corporate network and the corporate data centre environment. I’m also responsible for the company’s business continuity program, its privacy program and data privacy initiatives, which are becoming more and more critical to companies like us who handle customer data.

Why now? Every company needs to have a focus on security these days, and that’s especially true for large companies that are becoming attractive targets for bad actors, everything from a casual attacker to a large, organized effort. It’s the right time for Zayo to build on the work that’s been done and the foundation that is in place, elevating our focus on security.

What have you been hearing from customers since you joined? Customers are demanding much more transparency around how companies protect their products and services and infrastructure. They’re asking for information on what we’re doing to protect their company so they’re not worried someone is going to hack into the network and cause availability issues or steal their data. We need to provide customer confidence by showing that we have a mature industry-acceptable security program and are protecting the Zayo brand from bad actors.

What’s your plan for Zayo’s security? Our plan is to build upon the security foundation that is in place, using best practices to protect our company and demonstrate that program to our customers. Then we’re going to be disruptive. I want to be able to manage the entire security program through innovative, industry leading, open source security software. Our intent is to evolve the industry security maturity model forward a couple of transformative steps and get holistic solutions to market faster, so we’re working with a number of open source initiatives right now to find a way to implement their solutions that protects our company but does it in a way that’s disruptive.

In what ways will this be disruptive? The average CSO has to manage 75 security vendors. Everything they do is bolt-on security. We want to provide more capability through the infrastructure by working with our vendors to integrate security capability into their solutions that can easily interact with our security architecture to minimize the number of vendors and make the solution more inherently secure. In addition, usually it’s a cat-and-mouse game between IT and security; the company expects a balance between performance and security of applications. I want to demonstrate that you can get the best of both worlds by combining them together — that it shouldn’t be a compromise between both disciplines. This is why I asked the company to specifically take responsibility for Security and Infrastructure.

What will the future of security look like at Zayo? I’m consulting with each of the business groups on managed security solutions that we can embed across the portfolio. There will be a set of security capabilities embedded into the service. It’s not a bolt-on, it’s just like any other service feature. When you buy wavelengths from the company, you can click a button and get encrypted wavelengths. It becomes the way we way do business, and any service we decide to offer can be extended across the portfolio.