I am often asked what has changed and what will need to change most about cybersecurity in the next few years, especially as we come out the other side of a global pandemic that upended all kinds of plans. But let’s start by level-setting: the grand strategy for security—protect data—hasn’t changed. It’s the tactics that have changed, and more importantly, must continue to change.
Security and information technology leaders (ranging from the CISO to the CIO to heads of infrastructure and networking) who want a seat at the business decision makers’ table have to figure out ways to create business value with their investments and programs. This isn’t easy, but it is completely necessary.
Digital Business Needs Security
To achieve business performance and growth, companies must find ways to meet consumer expectations and seize market opportunities. Businesses must create new products and services or evolve current products and services that consumers want to buy, that are fit-for-purpose, and that reach more consumers, in more locations, more quickly than ever before.
In the current business environment:
- Speed is a currency—you have to do what you need to do more quickly
- Scale is a necessity—you must serve more end-users in a way that works for them
- There’s a war for talent, and employers are (or must become) more flexible about work arrangements—work from anywhere is here to stay
- Supply chains are essential to create products—you unavoidably need global partners to achieve all of the above
Leaders are quickly figuring out how to deliver the capabilities that support these business changes. They’ve discovered that business goals cannot be accomplished without adopting technology and that adopting technology successfully can’t happen without the ability to secure data to and from wherever it moves. We live in a data economy now. Data-driven business decisions are being made constantly and more rapidly. Every business, if it is to survive, is building models that inform it of consumer behavior and allow it to quickly pivot to accommodate the changes.
But none of this will happen—none of the real promise of digital transformation—without security transformation.
The Current Security Model Is Outdated—and Will Fail
The widespread use of cloud applications and the need for enterprise-grade internet access from anywhere are two trends that took hold much faster than most companies anticipated. It should by now be apparent to every business that in a cloud-first, work-from-anywhere world, security needs to become perimeterless. And not only that, but security must be able to follow a company’s most important asset—its data—and be contextually aware enough to protect that data wherever and whenever it is accessed, all while maintaining fast network performance and preserving a good user experience.
The data explosion is part of the challenge. By 2025 it’s anticipated there will be 175 zettabytes (ZB) of data (up 25x since 2010). When you add more technology and devices to create better products and services, you connect more devices to each other and to the internet. More technology and more connectivity increase your digital footprint and create a larger technology estate. You’ve also just added more technology to compromise, more opportunity to disrupt business operations, and more data to steal.
That’s why this moment in history is a profound one for security and IT practitioners. If left alone, the current operating model for cybersecurity will fail us in less than 5 years. It will fail to protect all that data, it will fail to stop threats, it will fail to scale. That failure will have implications that affect everyone, in every part of society.
But on the other hand, this is an enormous opportunity to rechart our course in security. Adversaries have become more frequent and more sophisticated, but as security practitioners, we have everything we need now to remake security to set us up for the next decade and beyond. Big things have happened an