CISOs under immense pressure to transform and secure as well

Digital technology is moving at a dizzying pace. As users, we have adapted to that pace, and we want to interact with companies and providers via the channel most convenient to us. Businesses need to adapt to this change by embracing digitalisation and focusing on the things that matter most.

Digital transformation is therefore the change from a traditional legacy business model, technical architecture, processes and systems to a business model and technical architecture that enable evolving business outcomes in a rapid and agile way.

Digital transformation is driving business transformation, which is driving business growth. 75% of CEOs surveyed stated they are entirely and mostly confident that their IT transformation programmes will deliver their strategic business objectives and drive growth. However ambitious the CEO’s plans are for a more digital business, they will come to nothing without the right technology infrastructure.

The most important technology elements are security, reliability, integration and cost effectiveness. Agility and scalability come lower on the list, even though the ability to flex, respond and scale rapidly is still a core competence of successful digital businesses.

There is immense pressure for digital transformation: moving workloads to the cloud, creating more cost-effective infrastructure, and meeting the needs of stakeholders, to name a few.

The Chief Security Officer must weigh this against the need for security and provide a level of protection and resiliency that corresponds with the need for digital transformation. Combine this with the conflicting needs of the CISO versus the CIO and CFO, and the challenge becomes even bigger.

Businesses want to make greater use of the cloud, but each new platform brings more complexity and potentially expands the attack surface. And if the organisation is adopting a software-defined network in response to greater bandwidth demands, it could inadvertently be creating even more vulnerabilities unless this is fully thought through. The team may not have all the skills required to protect an expanding hybrid environment.

Regulations are increasing and ever-changing. Knowing if the organisation is compliant with them is impossible, and even basic system hygiene is difficult, when the CISO does not know all the devices connected to the network and the cloud.

Signature-based security is no longer sufficient. Not all attacks will be caught at the firewall. The challenge is not just about the cloud and the connection to it. It is about having a comprehensive approach that considers what security is throughout the infrastructure.

It means adding new security services that were not as important before, like intrusion and endpoint detection and protection services. It means detecting sophisticated intrusions once they have occurred, and then resolving them with the least disruption to the business.

The rate of change means it is often difficult for established vendors to compete with start-ups created specifically to address a particular security requirement, whose business model is able to undercut established vendors on both price and the ability to execute solutions rapidly.

As cloud adoption increases, regulations become more stringent, the convergence of IT and OT environments continues and the IoT rises, customers are increasingly having to act as integrators with large in-house security teams to make sense of the vast landscape of vendors and products on the market.

With the exception of a few, most vendors are interested in pitching their product with little thought given to how their solution would affect the customer’s overall security posture. However, vendors increasingly understand that working through a partner, with the ability to provide the integration skills and knowledge that customers are looking for, is the way forward.

Nasser Bostan, Head of IT Security Practice, Middle East, Africa and India, BT.

Key takeaways

  • Most vendors are pitching products with little thought about how their solution would affect the customer’s overall security posture.
  • Digital transformation is driving business transformation, which is driving business growth.
  • The most important technology elements are security, reliability, integration and cost effectiveness.
  • Knowing if the organisation is compliant is impossible when the CISO does not know the devices connected to the network and the cloud.
  • Customers are increasingly having to act as integrators with in-house teams to make sense of the landscape of vendors.

End users and channel partners are increasingly managing the complexity of installed cyber security solutions.