While presenting to 300 CEOs of large companies at a recent conference, I asked for a show of hands if their organizations are driving digital transformation. Raised hands filled the room. I then said, “Keep them up if you’ve transformed your security infrastructure as well.” Almost every hand dropped, and I was met with blank stares.
While corporate leaders around the world are focused on technologies such as mobile apps, social media, analytics, and artificial intelligence as catalysts for competitive differentiation, a yawning gap exists between today’s new digital realities and the security capabilities required to address them.
The days when an organization’s data and systems resided within its own walls and IT environments are rapidly receding into history. Mission-critical business processes and sensitive data are moving to the cloud. Users are growing accustomed to accessing them from anywhere, on any type of device.
Consider that the typical Global 2000 company has more than 1,000 software-as-a-service apps. Based on data from millions of global users, my company has found that cloud services now account for 85 percent of all enterprise web traffic.
As a Deloitte study put it, digitization is “moving in multiple dimensions across multiple disciplines – beyond an organization’s walls and IT environments and into the products it creates, the factories where it makes them, the spaces where its employees conceive them, and where its customers use them… Understanding that is as transformative as cyber itself, and to be successful in this new era, organizations should embrace a ‘cyber everywhere’ reality.”
But are they? The same study said that while organizations are prioritizing digital transformation, only 14 percent of cyber budgets are dedicated to securing transformation initiatives.
Too many companies are still relying on on-premises security hardware stacks built for an era when everyone was always on the official corporate network and could be protected centrally. That’s beating a dead horse: You can no longer adequately protect users from HQ because the users and the data aren’t in HQ anymore.
To make matters worse, these obsolete infrastructures have become bloated with dozens of expensive point products. Despite appliance vendors’ efforts to virtualize their software for the cloud, these offerings can be a nightmare to integrate and manage – an especially nettlesome problem with security skills in short supply.
Whether they are modernizing existing applications for the cloud or building new cloud-native ones, companies face an imperative to improve their abilities to see, understand, and guard against threats to their cloud services.
The objective now must be secure connectivity – whenever, wherever, and with whatever device. Think of it as an evolving security cloud that follows users wherever they go.
The 2019 Cloud Security report by my company and Cybersecurity Insiders showed how acute the needs are for organizations to reevaluate their security strategies and address the inability of most legacy security tools to protect modern, cloud-based IT environments.
Getting visibility of security events across multiple cloud deployments was a prime concern among the more than 350 security professionals in North America surveyed for the report. Fifty-two percent named “data privacy” as their top cloud security challenge, followed closely by “protecting against data loss and leakage.”
“As workloads continue to move to the cloud, cybersecurity professionals increasingly realize the complications in protecting these workloads,” the report said. “Lack of visibility, compliance adherence, and consistent policy enforcement” are the biggest headaches.
While the major cloud service providers – Amazon Web Services, Microsoft Azure and Google Cloud Platform – have been expanding the security capabilities of their clouds, it is still up to organizations to secure their data in the clouds.
Forrester estimates that the global market for cloud security technologies will reach $12.7 billion by 2023, up from $5.6 billion in 2018. “As software, infrastructure, and platforms shift to the cloud, a new breed of security services continues to emerge and grow to address the security requirements,” the analyst firm said.
That forecast provides hope that the disconnect I witnessed with the CEOs’ hand raising and lowering is coming to an end; that company leaders increasingly understand it makes no sense to keep investing in legacy, on-premises security solutions in a digitally transformed, cloud-based world (urged on by legacy vendors that hope to keep milking their old cash cows).
True digital transformation needs an accompanying security transformation.
Jason Clark is chief strategy and marketing officer at Netskope.