The accumulation of significant technology spend over the last decade swelled in the last few months due to quick decisions made to support a distributed workforce. This, combined with the macroeconomic climate, has led to heightened scrutiny of 2021 cybersecurity budgets.
At the same time, security leaders face accelerated digital transformation initiatives as a result of fundamental changes brought about by the COVID-19 pandemic. First, the lockdowns rapidly accelerated the need for businesses to find new ways to engage with customers and supply chains. Many industries fast-tracked their digital initiatives, and organizations of all types turned to digital platforms to provide goods and services. Second, hundreds of millions of knowledge workers began remote work, in some cases with as little as 24 hours’ notice. This rapid change caught business, IT and security decision-makers almost completely off-guard, creating and exposing major security gaps that needed to be addressed quickly.
As a result of doing business differently, IDC predicts that 65% of the global GDP will be digitized by 2022, driving $6.8 trillion of IT spending between 2020 to 2030. For the chief information security officer (CISO) and their security team, this means that they now have a lot more to protect – more access points to configure, more technologies to secure and more changes to properly validate.
As it stands, most enterprise security teams are not equipped to fully support new digitization projects: The cybersecurity skills gap is worsening. The volume of vulnerabilities they have to protect is constantly increasing, and their security environments are becoming more complex.
CISOs have a difficult hand to play. While the attack surface has grown exponentially larger, that does not mean that budgets will grow at the same rate. CISOs must find ways to secure a larger attack surface while contending with limited budgets and resources. The tech they do have needs to work harder for them. It also needs to free up resources to focus on the blocking and tackling that goes into securing accelerated digital transformation initiatives.
The “new normal” demands a radical new approach to security
Previous roadblocks have been dismantled. The CEO and company boards are keenly aware of the criticality that cybersecurity considerations be embedded into business decisions, and the communication channels are finally open. Security and IT teams are now working together more closely than ever before due to accelerated initiatives such as cloud migration. Business continuity practices have been pushed to the brink. Many stakeholder groups have heightened sensitivity towards the importance of building business resiliency. The macroeconomic conditions have made it paramount that all organizations – including IT and security – look to do things better, faster and in less-resource intensive ways than before.
However, security investments traditionally have heavily favored point solutions. Now that the distributed workforce and accelerated digital transformation have expanded the attack surface, the need to tackle hyper-specific security issues is less pronounced. If anything, these solutions lead to network silos that limit security teams’ ability to support digital transformation efforts. What was once ‘good enough’ will no longer work.
Forward leaning CISOs will capitalize on their position of influence to design a new approach to security programs that will be underpinned by holistic visibility with context-rich insights into the security environment and automation of key processes. Security organizations will benefit from increased efficiencies, more time to focus on strategic initiatives, improved decision-making capabilities and a healthier security posture.
Insight is the new currency
Accelerated digital transformation is a forcing mechanism for security and IT organizations to come together and align on many things: from operating models, to supply chain considerations to the legacy technology and point products that have accumulated over the years.
CISOs need to evolve their technology stacks to deliver critical business outcomes and long-term value to maximize current investments and right size legacy products. Rather than continuing to purchase point solutions that tackle hyper-specific security issues, the CISO needs to build a technology stack that empowers them with comprehensive insights into their environment and enables them to make informed decisions. Ultimately, security leaders need to work towards the development of programs that enable them to unify and get visibility into all of their disparate network elements and past investments in dozens of security technologies over the years. They will move away from considering each new solution in isolation and, instead, consider how any new investments can work with existing technologies to support and evolve the security program as a whole.
This insight can show how many exposed vulnerabilities have been remediated, how proper configuration has contributed to the success of ongoing transformation initiatives, or how control is being maintained over the network perimeter. It can increase understanding of the hybrid network – how policies are being translated to clouds and virtual networks – to ensure compliance standards are being met. It can help security teams better prioritize precious resources to provide the highest risk vulnerabilities are being addressed.
Learn more about why digital transformation in the post-pandemic era has become a catalyst for an insight-led approach to security program design: View report here.