While presenting to 300 CEOs of large companies
at a recent conference, I asked for a show of hands if their organizations are
driving digital transformation. Raised hands filled the room. I then said,
“Keep them up if you’ve transformed your security infrastructure as well.”
Almost every hand dropped, and I was met with blank stares.While corporate leaders around the world are
focused on technologies such as mobile apps, social media, analytics, and
artificial intelligence as catalysts for competitive differentiation, a yawning
gap exists between today’s new digital realities and the security capabilities
required to address them.The days when an organization’s data and systems
resided within its own walls and IT environments are rapidly receding into
history. Mission-critical business processes and sensitive data are moving to
the cloud. Users are growing accustomed to accessing them from anywhere, on any
type of device.
Consider that the typical Global 2000 company
has more than 1,000 software-as-a-service apps. Based on data from millions of global users, my company
has found that cloud services now account for 85 percent of all enterprise web traffic.As a Deloittestudy put
it, digitization is “moving
in multiple dimensions across multiple disciplines – beyond an organization’s
walls and IT environments and into the products it creates, the factories where
it makes them, the spaces where its employees conceive them, and where its
customers use them… Understanding that is as transformative as cyber itself,
and to be successful in this new era, organizations should embrace a ‘cyber
everywhere’ reality.”But
are they? The same study said that while organizations are
prioritizing digital transformation, only 14 percent of cyber budgets are
dedicated to securing transformation initiatives.Too many companies are still relying on
on-premises security hardware stacks built for an era when everyone was always
on the official corporate network and could be protected centrally. That’s
beating a dead horse: You can no longer adequately protect users from HQ
because the users and the data aren’t in HQ anymore.To make matters worse, these obsolete
infrastructures have become bloated with dozens of expensive point products.
Despite appliance vendors’ efforts to virtualize their software for the cloud,
these offerings can be a nightmare to integrate and manage – an especially
nettlesome problem with security skills in short supply.Whether they are modernizing existing
applications for the cloud or building new cloud-native ones, companies face an
imperative to improve their abilities to see, understand, and guard against
threats to their cloud services.The objective now must be secure connectivity –
whenever, wherever, and with whatever device. Think of it as an evolving
security cloud that follows users wherever they go.The 2019 Cloud Security report by my company and
Cybersecurity Insiders showed how acute the needs are for organizations to
reevaluate their security strategies and address the inability of most legacy
security tools to protect modern, cloud-based IT environments.Getting
visibility of security events across multiple cloud deployments was a prime
concern among the more than 350 security professionals in North America
surveyed for the report. Fifty-two percent named “data privacy” as their top
cloud security challenge, followed closely by “protecting against data loss and
leakage.”“As
workloads continue to move to the cloud, cybersecurity professionals
increasingly realize the complications in protecting these workloads,” the
report said. “Lack of visibility, compliance adherence, and consistent policy
enforcement” are the biggest headaches.While
the major cloud service providers – Amazon Web Services, Microsoft Azure and
Google Cloud Platform – have been expanding the security capabilities of their clouds, it is still up to
organizations to secure their data in
the clouds.Forresterestimates that the global market for cloud
security technologies will reach $12.7 billion by 2023, up from $5.6 billion in
2018. “As software, infrastructure, and platforms shift to the cloud, a new
breed of security services continues to emerge and grow to address the security
requirements,” the analyst firm said.That forecast provides hope that the disconnect
I witnessed with the CEOs’ hand raising and lowering is coming to an end; that
company leaders increasingly understand it makes no sense to keep investing in
legacy, on-premises security solutions in a digitally transformed and cloud
world (urged on by legacy vendors that hope to keep milking their old cash
cows).True digital transformation needs an
accompanying security transformation.Jason Clark is chief strategy and marketing officer atNetskope.
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Despite deploying multiple solutions, many organizations struggle with alert fatigue and low threat detection accuracy, with 63% using over five tools but only 13% successfully correlating alerts.
While cost predictability and vendor lock-in remain concerns, GTT’s survey of U.S. and European enterprise leaders indicates that over half of AI workloads are now hosted in private cloud or on-premise environments.