CIOs and IT leaders were presented with a nearly impossible task when the pandemic hit in March 2020: redesign IT to support business model transformation and accommodate a fully work-from-home workforce.
Those who were already defying convention with digital transformation were well-prepared for the situation, while others were stranded without an alternative in sight, watching better-prepared, more agile competitors thrive. Without the tools in their arsenal to deal with this challenge, the underprepared pushed as hard as possible to keep up by any means necessary – but working harder isn’t always smarter.
Effort alone was not enough because of the fast-changing threat landscape with new waves of attacks such as ransomware. Not only was speed in deployment important, but safety and security were equally critical. In their haste to keep up with the competition, organizations de-prioritized the security of their businesses, and many are still paying the price.
Just look at some recent numbers, which underscore how serious the situation has become:
- In 93% of cases, an external attacker can breach an organization's network perimeter and gain access to local network resources, according to penetration testing projects carried out by Positive Technologies during the second half of 2020 and first half of 2021.
- Globally, data breaches cost $4.35m on average – a new high and 13% increase over the last two years, according to a report released by IBM and Ponemon Institute.
- 83% of organizations experienced more than a single data breach over the last two years, based on the same IBM and Ponemon data.
Despite this evidence, far too many CIOs still see the shift caused by the pandemic as the exception rather than the rule. It’s not. They think time will pass and life will go “back to normal.” It won’t. They believe they can get away with conducting business like they always have without taking any courageous steps towards change. They can’t.
The alarm bells are ringing louder and louder with each passing day. Will it consume the company? Or will management act now before it’s too late?
Several CIOs we speak with are at least clear that they need to make a change, but they feel stuck because of existing contracts and legacy systems from long-standing incumbents in the telco market. These systems and contracts were designed to keep customers locked in at all costs without any real concern for the challenges those customers face or could face in the future. Because of this tangled web, CIOs often continue with the status quo, effectively digging a deeper hole by the moment.
Several other CIOs are addressing their security problem and are doing so in a logical way: with a security-first approach. Unfortunately, this approach typically keeps security and network teams separate from each other, which causes a whole new set of problems that makes it difficult to scale. Creating even more confusion here, there are security vendors (Palo Alto Networks and Zscaler) that sell customers on the promise of SASE, when they are actually delivering SSE, since they don’t have the connectivity component. These companies are essentially trying to change the definition of SASE, leading CIOs astray.
Don’t lose hope, though many may feel lost. CIOs do have options, and it doesn’t require them to destroy their existing systems. It does require them to throw conventional wisdom out the window and try something bold.
CIOs need to evaluate all the networking and security solutions they have and begin moving their IT infrastructure over to a unified, cloud-based service that includes SD-WAN, firewall-as-a-service (FWaaS), cloud access security broker (CASB), data loss prevention (DLP), secure web gateway (SWG), and zero-trust network access (ZTNA). And it doesn’t have to happen all at once, it’s a never-ending process. Each step in the transformation delivers a major benefit to businesses, and when combined, it results in increased network performance; bolstered security for devices, data, networks, and infrastructure; improved scalability, and overall cost reduction. Going through the transformation process one-step-at-a-time lets businesses maximize their existing assets, continue business without interruption, and get to an optimal state faster than starting from scratch.
Start by applying zero-trust principles across networks, devices, and data, both in the cloud and on-prem. Zero-trust has become an important component to enterprise enablement and true mobility because it helps companies create policies once and manage them centrally across the organization, making it a perfect blend between speed and security. Successful businesses can’t ignore the security of everything the cloud touches - data, applications, devices and beyond. If they do, they will continue to suffer the consequences.
While the pandemic forced many businesses into unfamiliar territory, there’s still time to reverse any damage done. All enterprises have options to repair the systems that were compromised because of forces outside their control, but it requires courageous action. It’s no longer an option to maintain the status quo. The next time society gets thrown a major curveball organizations that stood still will regret it in the form of weakened security, poor network performance, dissatisfied customers, and premium pricing for solutions designed to clean up their mess. Now’s the time for unconventional action, so when that inevitable day does come, be the envy the competition, not the other way around.
Renuka Nadkarni, chief product officer, Aryaka