First, credit where credit is due. I’ve penned these thoughts after listening to a fascinating conversation between AT&T CSO Bill O’Hern and CTO Jeremy Legg which kicked off our Cybersecurity conference this month. It sparked thoughts I feel compelled to share.
In the technology sector we are familiar with the idea of cultivating a culture of innovation. We also know the risk of failing at the first hurdle if evolution doesn’t happen in a secure environment. We talk about creating a culture of care in the workplace. Keeping people safe is the first step to making that happen. I think you get my drift here. Security is important to many business propositions.
Today’s cloud-centric ecosystem has opened our world, creating a virtualised landscape that we easily can self-provision as required. Moving away from customised on-premises technology brings benefits in scale, scope, capacity, and agility. You can access and analyse petabytes of data from anywhere. It has the power to provide the opportunity to be a disruptive force in business. But it all comes at an unquantifiable cost. Transitioning everything to the cloud raises the cybersecurity stakes. Alongside the obvious investment and changes in tech, it will need a cultural change within organisations.
Cybersecurity should now be part of the fabric of how things work. You can see this illustrated in new business models popping up globally like Cyber Security as a Service (CSaaS), and even Hacking as a Service (HaaS) where the hacker’s job is to outthink the other ‘bad actors’.
Cybersecurity is on a journey of continuous improvement. But the pace needs to pick up. It can’t be the kid picked last for the sports team. The coffee cream (insert your least favourite confectionary) chocolate left in the box. In today’s hyper-connected, globally dispersed workplace, security wraps around all that is innovative, disruptive, experimental, and forward-thinking. It enables all these things to happen, which means the way that we think about security for business must change. It needs a seat at the boardroom table. Without it, technology becomes an enemy of progress for us all.
Giving security an equal seat at the table
For a long time, bolting on cybersecurity comes after deploying technology. It’s there as ‘belt and braces’, removing the fear for companies of being breached. Its intrinsic value in the business ecosystem was taken for granted. Not now. It must be embedded into applications, not included after the fact, and much of this has to do with changing our attitudes to fit our current climate.
Security is a benefit to business not an annoyance. It must be thought of as a valid value stream, allowing organisations to support their staff and deliver to customers effectively. The importance of this security narrative should come from the top down and focus on illustrating its significance in everything we do. Consequently, one might argue that changing the culture is one thing but where do we find the personnel to perform this function in a dwindling market?
Finding the right talent
The world is short of software developers and security personnel. The UK government estimates that 408,000 (30%) businesses have advanced skills gaps in areas like security architecture, penetration testing and forensic analysis. I also highlight that a staggering 653,000 (48%) of businesses have cybersecurity staff who lack the confidence in basic skills such as setting up configured firewalls, storing or transferring personal data, and detecting and removing malware. The fact is, as these problems become more common and complex, businesses that are unprepared to tackle these kinds of challenges are more likely to suffer.
This is where a managed security service provider (MSSP) can be key. A strong provider, with the right capabilities, can align themselves with a customer’s objectives and design an approach that streamlines security management into a centralised monitoring platform. With talent at a premium, an MSSP can play a vital role in threat detection, incident response and compliance management.
Security drives success. The mindset around security must be ‘change to survive’ from the C Suite to the front line. With increasing numbers of employees accessing the cloud in the workplace, business leaders must work to make all personnel aware of the value of security beyond its obvious protection benefits. In today’s organisations, security is there to improve the experience of the employees, customers, and partners.