We are going through a period of huge security and networking upheaval. Transformation projects are afoot in the vast majority of organisations and architectural ideologies are shifting towards SASE and Zero Trust. We are all seeing and experiencing this first hand, but anecdotal tales of how organisations are handling these changes are inconsistent. Some are seeing security teams expanding, while others are decentralising the team and distributing security expertise across project taskforces. For many, SASE is sitting in the hands of the networking teams, but others tell us SASE is an inherently security-run exercise. What’s the truth?
We wanted to understand CIO and CISO intentions and practices around network and security transformation projects, so we undertook some European research in the UK and Germany. The question the research looked to answer was; what does network and security transformation mean in practice for teams, budgets, skills, and suppliers? You can read the full findings in our report here, or read on for a summary and some of my thoughts.
1. Transformation is already well underway
27% of the CIO and CISOs that we polled state that their growing use of cloud requires a new network architecture and the same percentage (27%) expect this use of cloud to increase their risk exposure. This sets the imperative and goes some way to explain why 99.5% of these leaders are undertaking network and security transformation projects within the next 5 years (more than half are either already involved in projects, or will be kicking off this year).
2. It’s unequivocal: cloud security transformations bring cost savings
79% of IT leaders polled reported already having made savings by using cloud security to replace legacy security appliances and reduce bandwidth requirements. Savings are coming from hardware and appliance replacement – including VPN (25%), reduced bandwidth needs (23%), and vendor consolidation (21%). Replacing costly firewalls (with Firewall-as-a-Service FWaaS) in particular has already produced savings for 21% of IT teams.
3. Transformation doesn’t stop at the technology
Network and security teams are set for a shake-up. We discovered back in the spring that poor collaboration between the two teams was jeopardising digital transformation projects, and this is clearly starting to be recognised by leaders. In our autumn poll, nearly a third of European CIOs and CISOs are planning to converge network and security teams within the next two years, driven by a significant growth in cloud use which, according to our survey participants, “makes the separation of teams unhelpful”. In addition, the challenge in finding candidates with security skills (anticipated by 46% of survey participants) means network team members are being transitioned into security roles (a plan for 30% of CIO and CISOs).
4. Budget exchange
Teams may be converging, but budgets are not. Only 8% of CIO/CISOs intend to merge the security and networking budget along with the team. But budgets are moving backwards and forwards between the two, depending on which team is driving the big projects. 27% are moving responsibility and funding for network security to the security team to fund SASE and Zero Trust, but the same number (27%) is pushing security budgets in the other direction, handing them to network and infrastructure teams to fund a security-by-design approach.
A lot of resources and budget will be invested in the coming 24 months in the name of transformation, and there are huge cost savings and business improvements to be found. 4 out of 5 CIO and CISOs already report savings from their movement of security into the cloud, and projects have a long way still to run. Amid all this activity, it’s imperative that outcomes are not jeopardised by internal land-grabs, unnecessary bureaucracy, or a simple lack of collaboration between professionals in network and security roles.
Read the full report here, or make use of our eBook on the economic advantages of network and security transformation to help make the case for change in your business.