As businesses strive to innovate and re-engineer their business processes to fully embrace “digital” there has been a consequential effect on the delivery mechanisms, systems and processes required to achieve that.
The IT industry used to be consumed with the promised cost savings in “moving to the cloud” – whether private, public or hybrid. Concerns were centred around the “nuts and bolts” of such a move – about virtualising servers, about managing peaks and troughs in demand for computing resource and so on.
Today, however, the industry and technology have matured and platforms have become better understood. A transition to the cloud today is driven much more by the need to accelerate innovation and competitive advantage within the organisation than it is by cost savings.
This has not only enabled us as an industry to move further “up the stack” in addressing the hierarchy of business needs but, through working techniques such as Agile and more integrated working practices like DevOps, has also placed us in the best position ever to deliver the competitive advantage our end users need as their requirements evolve.
But what impact has that made on the security of our business-critical applications, and our sensitive information? What does it mean for the traditional data security function and the skill sets and careers of those that have been involved in it up to now?
Glass half empty?
A “glass half empty” view of the world leads to a lot of hand wringing over a more fluid delivery platform, the loss of perimeters, a loss of control of the physical infrastructure on which critical business systems may run and so on, but these folks are missing the opportunity.
To date, security has often been holding back innovation, not given a seat at the table for new application discussions until well after the ball is rolling.
Security leaders now have a chance, maybe a once in a career chance, to rethink the approach to information security that is needed for a successful future in the cloud. Getting it right has the potential to transform the security function from being perceived as a tax and a brake on getting things done, to being a competitive advantage, aligned with the business, proactively identifying and mitigating risks and the catalyst to accelerating innovation.
In fact, there are six key ways in which we can rethink security in the context of a digital transformation programme. Done right, they can be the gateway to some fantastic business and personal opportunities for all those involved.
1. From stability to agility
The mindset in Information Security and indeed IT has historically been predicated on the idea that stability and uptime should be the primary goal. “If nobody touches it, then it won’t go wrong” became the tacit understanding, effectively stifling the business’ ability to evolve and innovate.
But IT don’t own the application anymore: multiple business owners and stakeholders are building / moving business critical applications to the cloud. As agile methodologies are adopted and cloud infrastructure removes the inertia in spinning up and testing new services, security strategy can and must now reflect that agile approach.
By packaging security as services that can be quickly incorporated and consumed we can provide the business the agility required to make incorporating security frictionless.
2. Secure and compliant from the start
Digital transformation provides the opportunity for security, regulations and compliance issues to be considered and included at the outset of a project. A DevSecOps approach – where security is considered as code and consumed as a service within applications – can make this possible.
This is a long-held pipe dream for many organisations and will ultimately mean that the days of “bolt-on” security, and of the tools and techniques that were required to achieve it, are numbered.
3. The elimination of shadow IT
The emergence of what has become known as “Shadow IT” – parallel services spun up in the cloud by frustrated and/or impatient sections of the business – has presented a not insignificant challenge to corporate security teams.
Shadow IT is largely a result of IT teams’ inability to respond to their customers’ requirements quickly and efficiently enough. A well-executed digital transformation programme presents the opportunity to address these issues head-on, eliminating the need for shadow IT and therefore eliminating the associated threat to corporate information, by bringing it back in-house.
4. Security as a true stakeholder in the business
The integrated nature of service delivery because of a Digital transformation programme means that, perhaps for the first time, security staff will be fully exposed to the forward-looking requirements of the business process owners.
Understanding the business requirements from the outset gives the security team the chance, again perhaps for the first time, to influence the forward direction for the business and to help to accelerate innovation.
Smart security folks will find ways to foresee, articulate and mitigate risk, enabling the organisation to move faster, taking even bolder steps than they might have otherwise dared, delivering ever greater competitive advantage.
At a personal level, this improves the career opportunities and prospects for those individuals, placing them in a much stronger place than would have otherwise been possible.
5. Holistic security operations delivered in the cloud, optimised for the cloud
Too many security vendors seem to be pursuing a strategy which appears to be a result of their customers dragging them into the cloud. Placed in catch-up mode, they have often tried to re-engineer existing products and services, placing a “cloud ready veneer” over them before trying to retrofit them.
To be clear, a virtual instance of a hardware product that was originally designed for an on-premise data centre can never deliver the performance or coverage required to deliver efficient and effective security in even a private, let alone a public, cloud infrastructure.
Security must fully adapt to the cloud, monitoring and placing controls in the places that matter, rather than where convenient for any vendor’s product.
By rethinking security operations from the ground up as part of an overall digital transformation programme we can transform what is possible in terms of agility and effectiveness.
6. The Man from Del Monte vs. Dr No
Digital Transformation provides the best opportunity yet for the security team to become the enablers of the business, drive innovation, and to be proactive in shaping the future and opening doors to new possibilities.
From a personal, professional and corporate perspective, who would you rather be?
Sourced by Nicki Wallace, vice president EMEA at AlertLogic