Why cybersecurity must be viewed as more than an IT issue
This article originally appeared in Digitalisation World.
Cybersecurity will have to remain a priority for the foreseeable future. The truth is that data breaches are now an inevitability, which is significant given that the majority of organisations rely on the internet to run their business. In today’s world, cybersecurity is primarily about providing a business with the capacity to protect and drive revenue with an acceptable level of risk. But a common failing in the enterprise response to risk is approaching cybersecurity from a solely technical perspective rather than viewing it as a business issue requiring more comprehensive attention.
This expansive view of cybersecurity is particularly important in the era of digital transformation. Indeed, as organisations look at digital transformation, they are faced with a technology landscape that is constantly evolving and driving change across the enterprise. The pillars upon which business IT systems were built 30 years ago are rapidly fading out of existence, introducing new opportunities—and risks—in the process.
Using technology to transform business
Digital transformation is a powerful business enabler with many potential benefits, from added flexibility for employees to cost savings to improved efficiency. As such, a transformation must involve input from all aspects of the business, not just IT.
This spring, we commissioned an independent company to research EMEA enterprises. Our hope was to understand where they are with their digital transformation journeys, what challenges they have encountered, and their biggest concerns about cloud migration. The results revealed that digital transformation is still predominantly an IT decision; however, business decision-makers, such as chief information officers (54%) and chief digital officers (47%), are increasingly driving this initiative. Furthermore, 18% claimed their CEOs are pushing for, and owning, digital transformation, and the top reasons given for transformation include issues very much in the CEO’s purview. They include increased flexibility for employees (37%), a new business strategy to focus on core competencies (36%), improved profit margins (36%), and increased cost savings (35%).
However, companies embarking on digital transformation initiatives are beginning to recognise that the traditional way of providing remote access connectivity to their applications residing in the cloud or on corporate networks is riddled with security risks. When asked about the biggest obstacle to digital transformation, security topped the list across all four regions surveyed. Eighty percent of enterprises reported having security concerns about the way in which employees access data and applications remotely. With the extension of the perimeter to the internet, segmentation on the application level is needed to strengthen the security posture in the cloud era, when mobile employees, consultants, and third parties require access.
Cultivating the right culture in IT
Culture can also be a problem in IT departments; teams are typically risk-averse and resistant to change. They tend to view new technology trends such as SaaS and the cloud as more of a threat than an opportunity. What’s more, despite IT doing its best to keep up with these changes, technology is continually evolving. Previously, IT teams were the primary go-to experts; they dictated what strategies and applications the businesses needed to be using, and tools or platforms were bought to meet those needs. However, most people are now skilled in the use of technology and are much more IT savvy than they used to be. For IT teams to survive this paradigm shift, they need to stop appearing as a gatekeeper to digitalisation and transformation. IT departments must instead be perceived as enablers and trusted partners to help deliver greater business performance. With a focus on speed, there’s always the possibility of users circumventing controls and inadvertently putting the organisation at risk.
The IT team’s job is no longer about configuring boxes. It’s about giving control to teams that can make better use of technology advancements, such as the cloud. The other side of this release of control is a significant shift in security teams’ attitudes. They must accept that whilst in the past they were the ones to deny access and to inspect the elements of the business network, they must now trust their contractors and other teams to ensure compliance with GDPR and other company or industry regulations. Handing over some control can be critically important to the success of a digital transformation project, but it can be one of the hardest challenges to overcome. Open (and clear) lines of communication between IT teams and the board are essential to ensuring that risks are mitigated and that the security posture of the organisation is protected in the long term.
Evolving cybersecurity for the cloud era
It really is crucial for organisations to reevaluate their approach to cybersecurity in the era of cloud and mobility. Enterprises have been swift to recognise the need for app transformation and cloud services, yet security has often lagged behind. As a result, organisations have been left trying to secure access to their cloud applications the same way they secured their data centre applications: via firewalls, VPN appliances, and other network-centric technologies. These legacy methods of security leave enterprises with a poor user experience, high costs, and a risky security posture. Security needs to evolve with the new focus on cloud and mobility; otherwise, enterprise efforts to transform will be hindered in the long run.
Once a business starts to think about how cybersecurity can affect core business assets, it can start to build a security structure for and around the digital business, not as an afterthought, but as an integral and enabling function. However, as long as the C-suite sees cybersecurity as a technology problem and not as something that will affect revenues, businesses will remain vulnerable to increasingly sophisticated attackers. Ultimately, if IT teams, C-suite officials, and departmental staff work together to address needs across the organisation, companies will successfully defend their data and assets and overcome the challenges of digital transformation.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Stan Lowe is the Global CISO for Zscaler