I am often asked what has changed and what will need to change most about cybersecurity in the next few years, especially as we come out the other side of a global pandemic that upended all kinds of plans. But let’s start by level-setting: the grand strategy for security—protect data—hasn’t changed. It’s the tactics that have changed, and more importantly, must continue to change.
Security and information technology leaders (ranging from the CISO to the CIO to heads of infrastructure and networking) that want a seat at the business decision makers’ table have to figure out ways to create business value with their investments and programs. This isn’t easy, but it is completely necessary.
Digital Business Needs Security
To achieve business performance and growth, companies must find ways to meet consumer expectations and seize market opportunities. Businesses must create new products and services or evolve current products and services that consumers want to buy, that are fit-for-purpose, and that reach more consumers, in more locations, more quickly than ever before.
In the current business environment:
- Speed is a currency—you have to do what you need to do more quickly
- Scale is a necessity—you must serve more end-users in a way that works for them
- There’s a war for talent, and employers are (or must become) more flexible about work arrangements—work from anywhere is here to stay
- Supply chains are essential to create products—you unavoidably need global partners to achieve all of the above
Leaders are quickly figuring out how to deliver the capabilities that support these business changes. They’ve discovered that business goals cannot be accomplished without adopting technology and that adopting technology successfully can’t happen without the ability to secure data to and from wherever it moves. We live in a data economy now. Data-driven business decisions are being made constantly and more rapidly. Every business, if it is to survive, is building models that inform it of consumer behavior and allow them to quickly pivot to accommodate the changes.
But none of this will happen—none of the real promise of digital transformation—without security transformation.
The Current Security Model Is Outdated—and Will Fail
The widespread use of cloud applications and the need for enterprise-grade internet access from anywhere are two trends that took hold much faster than most companies anticipated. It should by now be apparent to every business that in a cloud-first, work-from-anywhere world, security needs to become perimeterless. And not only that, but security must be able to follow a company’s most important asset—its data—and be contextually aware enough to protect that data wherever and whenever it is accessed, all while maintaining fast network performance and preserving a good user experience.
The data explosion is part of the challenge. By 2025 it’s anticipated there will be 175 zettabytes (ZB) of data (up 25x since 2010). When you add more technology and devices to create better products and services, you connect more devices to each other and to the internet. More technology and more connectivity increases your digital footprint and creates a larger technology estate. You’ve also just added more technology to compromise, more opportunity to disrupt the business operations, and more data to steal.
That’s why this moment in history is a profound one for security and IT practitioners. If left alone, the current operating model for cybersecurity will fail us in less than 5 years. It will fail to protect all that data, it will fail to stop threats, it will fail to scale. That failure will have implications that affect everyone, in every part of society.
But on the other hand, this is an enormous opportunity to rechart our course in security. Adversaries have become more frequent and more sophisticated, but as security practitioners, we have everything we need now to remake security to set us up for the next decade and beyond. Big things have happened and are happening, from advances in robotics, automation, AI/ML, and robust analytics, to (finally) an acknowledgment by the non-technical C-suite and board of directors that cyber isn’t just a risk factor, but must be judiciously funded as a business enabler. This will be the decade when the CISO, in particular, gets a seat at the table where the most important, most strategic business decisions are made.
I urge all security practitioners, at every level, to seize the moment. The good news is, you don’t have to do this alone.
Security Visionaries
Today we’re launching a new podcast, Security Visionaries. In every episode, the first two of which are now streaming, you’re going to hear from some of the smartest, most forward-thinking minds in security and technology. We’re not promising to solve every last problem in security transformation or pretend to know all the answers. We are promising to give you an open, honest, credible take on how to tackle transformation, given that so many of the voices you’ll hear from have lived through transformation as Fortune 100 CIOs, CISOs, networking leads, architects, SOC analysts, and overall practitioners. This is not a Netskope sales pitch, or a sales pitch from anyone else we bring on to chat with us. It’s an open conversation on the most important steps to take when considering your security transformation.
This podcast will be the first of many efforts you’ll see from us over the next year and beyond focused on transformation, including the expansion of the Security Transformation Playbook—a multi-platform effort combining written, audio, and video content to offer analysis, critical insights, and practical, no-nonsense ways to drive transformation with your team.
We’re very excited to share all of this with you. Drop me an e-mail or connect with me on LinkedIn and let me know what you think.
