Future-proofing Comes of Age in IT Security
Future-proofing Comes of Age in IT Security

None of us has a crystal ball, but we can put measures in place to move forward with confidence, taking advantage of new opportunities and addressing new challenges as they emerge. I'm referring to the business imperative of “future-proofing” in our hyper pace of change and disruption.

Automobiles are now including Apple's CarPlay and Google's Android Auto for navigation, entertainment, communication, and more, so you aren't tied to obsolete systems built into the dashboard. Buildings designed to support modular office space and wifi are now the norm to flexibly address the evolving demands of businesses. We're even future-proofing our own futures with adult communities that offer a full range of services so more of us will be able to age in place.

Future-proofing is a no brainer, because it helps maintain value and reduce risk. But it isn't easy to realize. In fact, for years security professionals who wanted the very best solutions to protect their organization decided to buy a new box to address new threats and attack vectors. Today, most large organizations have dozens of tools that don't work together and even smaller enterprises are grappling with a patchwork of disparate products.

But this approach has run its course and is being re-evaluated by the many customers I speak with. Research conducted by Jefferies finds that a majority of organizations are looking to consolidate their products and vendors but not at the expense of functionality and security. In other words, they want to future-proof their security with the best protection, without the expense and hassle of cobbling together multiple point solutions.

An open security architecture makes it possible to future-proof security by integrating multiple best-in-class platforms to deliver innovation and effectiveness without piling on complexity. You have access to the innovative technologies you need to securely transition to whatever the future holds – new business models and threat vectors – while respecting resource constraints. Here's how.

Openness and flexibility should account for future security needs. When an organization shifts its business model to open more branches, hire more workers, or adopt more SaaS apps, it also increases security risk. With an open architecture you can turn on additional layers of protection using existing investments in VPNs, network security, or routers. You can add functionality to block threats, malware and connections to bad IP addresses, URLs, and domains so that you can secure users and branches in minutes. You can also add a cloud security platform to monitor third-party cloud applications, instantly highlight any risky apps, and automatically update policies across your infrastructure. 

You already know threats like spam and business email compromise are on the rise. Do you have the flexibility to make your email security more effective against innovative adversaries who are embedding malicious documents in PDFs to evade detection, rotating subdomains to hide the IP address of the server, and relying on Tor2 web proxies to remain anonymous? With an open architecture your email protection can evolve to detect and block these advanced threats. By simply activating a software license, you can turn on advanced malware protection that is continuously and automatically updated with the latest threat protection.

Yet some things never change – resource constraints. The security benefits of an open security architecture are undeniable, but what about the financial benefits? The future probably doesn't hold substantially more resources for IT teams – pinched budgets and the well-documented shortage of cybersecurity experts are a fact of life.  An open security architecture can help here too. In my last article, I discussed in detail the ROI of an open architecture in terms of improved security efficiency, increased IT productivity, and lower hardware/software costs. But there are additional considerations.

Think about the typical costs and time associated with researching, going out to bid, evaluating, selecting, and then onboarding a new security vendor. Not to mention the weeks or months it can take to prepare and deploy the solution, all the while leaving your organization exposed to that particular risk you are trying to mitigate. Contrast that scenario with the earlier example of Apple CarPlay. Auto manufacturers knew things would change moving forward, so they made a system that could be upgraded easily using technology and a quick stop at the dealership. Similarly, when a security architecture is open you can incorporate complementary best-in-class offerings from other vendors much more seamlessly. Beyond APIs, a truly open architecture reduces change costs to nearly zero, shortens deployment to a matter of days, and includes support through the channels you already work with.

Openness also encompasses flexibility in the form of investment protection with a growth allowance. For example, if you hire 10 more workers, can they be grandfathered in or must you pay to protect each new employee? You never know, but it doesn't hurt to ask.

New business models, evolving attack vectors and threats, and resource constraints are a fact of life for every security organization. With an architecture that can integrate multiple best-in-class platforms, future-proofing has finally come of age for IT security. You can make the most of your security dollars and your security destiny – maintaining value and reducing risk as new opportunities and challenges emerge.