A conversation with IDC: from digital transformation to security transformation

After a year of radical change, enterprises are embracing security transformation to improve security, increase resilience and reduce risk while supporting wider business initiatives. Peter Margaris, Skybox Security Head of Product Marketing, recently sat down with Duncan Brown, IDC Vice President of European Enterprise Research, to discuss the challenges facing security leaders.

With over 20,000 new vulnerabilities introduced in 2020, how are security leaders rethinking their vulnerability management approach?

Peter Margaris (PM): The number of vulnerabilities introduced this year has skyrocketed – and the attack surface has also expanded accordingly. Threat actors are taking advantage of these opportunities. With ransomware and other exploitation techniques on the rise, a different approach is needed. While patch management methods may work, gaining insight from a vast and diverse range of data sets is a surefire way to remediate and ultimately reduce risk.

Duncan Brown (DB): It’s also important to emphasize that these new vulnerabilities will not go away. They are a direct consequence of digital transformation, with many organizations joining technologies that were never designed to work together. CISOs can gain better insights and overall value in the investment by connecting these previously disparate and siloed systems.

How has the mandate to support a distributed workforce and remote operations introduced cybersecurity and compliance risks?

PM: To support the rapid remote working shift at the onset of the pandemic, focus shifted to get workers up and running ASAP. Skybox’s recent report, Cybersecurity in the new normal: securing the distributed workforce and remote operations, revealed that scheduling reporting, software updates and BYOD policies were all deprioritized during initial lockdowns. The implications of these decisions should not be underestimated – it is inevitable that they have led to the introduction of new risk.

Many C-level executives are aware of the risks associated with activities surrounding the enablement of a distributed workforce.

With 70% of CISOs expecting one-third of the remote workforce to remain remote in 18 months, it’s critical to scrutinize the decisions made towards the start of 2020 and any new decisions made to secure a more permanently remote workforce.

DB: I agree. A lot of people have focused on the dispersion of the workforce, but data was also dispersed. Data sits on laptops and other devices, and that went home as well. Suddenly, many organizations had another jolt of urgency when they realized that they had secured their workers but had not secured their data. They know that they need to adjust: The distributed workforce is here to stay, and so too is distributed data.

Also, COVID has ruthlessly exposed any deficiencies that exist within the organization. Whether that’s cash flow, partnerships – anything. One of the critical areas that have been exposed is where data is located. The whole gamut of security has been exposed.

Are we moving from digital transformation to security transformation in the post-pandemic enterprise?

DB: Digital transformation and security transformation signal a transformation of trust at both a business and consumer level, enabling continued digitization. In 2021, we can expect to see more targeted investments in 5G, mobility and IoT as more apps continue their migration to the cloud. I believe that organizations are going to shift their focus from security to trust. We could eventually see the CISO taking on a new title – chief trust officer.

How will security leaders capitalize on their newfound seat at the boardroom table to embed security considerations in future digital business strategies?

PM: We’ve reached a tipping point. Security leaders are now able to demonstrate that security can accelerate digital transformation rather than inhibit it. The board better understands the value offered by security. Now is the time for security leaders to reinforce how everyone within the business needs to become a stakeholder in terms of managing risk, eliminating silos and putting the right technologies in place to enable automation. Ultimately, this will drive greater efficiencies.

In light of macroeconomic conditions and learnings from Covid-19 lockdowns, what should security organizations be doing to build resilience, drive efficiencies and reduce risk?

PM: Security is not a static element. It’s dynamic and multi-dimensional. Organizations have to evolve. Central to this evolution is ‘security by design.’ This means that they need to gain end-to-end visibility. This will also enable them to dismantle organizational silos – it comes with the territory. With the proper context and data sets at their disposal, CISOs will be able to make more informed decisions as different business processes are implemented across the organization.

Skybox recently surveyed the market to determine how security practitioners worldwide are handling the implications of the distributed workforce. View the results of this research in the latest report: Cybersecurity in the new normal: Securing the distributed workforce and remote operations.

Watch the fireside chat here.

Additional resources

Report: Accelerated digital transformation: a catalyst for security transformation

Infographic: Five reasons cybersecurity needs to transform

Gartner report: Implement an Agile Cybersecurity Program: Lessons Learned From the Covid-19 Pandemic