As cybersecurity professionals see a massive shift in their IT infrastructure, particularly with the march to the cloud, updates to threat and security models are also in order.

But businesses often don’t understand how the adoption of something new fundamentally changes the threat landscape, said Ted Harrington, executive partner at Independent Security Evaluators. Harrington spoke with SC Media Editor in Chief Jill Aitoro during an SC Media virtual conference.

Instead, companies view change in one of two ways, said Harrington: “This changes everything about the business, except security. And that’s not true. The other is: This change has solved all of our security problems. And that’s also not true.”

Click here for access to SC Media’s “Secure Cloud Series: DevSecOps in High-Velocity Environments” virtual conference on demand.

To get an idea of how a big change affects security, Harrington said cybersecurity professionals can look to other examples already underway, such as the internet of things, artificial intelligence and machine learning.

“Each of these things go through similar sequences: here’s a big change that’s happening, it impacts security, how do we think about it in terms of actually adapting?” 

As change comes, one way of getting a company’s software developers on board with integrating security is to expose them to the outside security consultant.

“Just by talking with each other, these ideas will transfer. Knowledge will definitely transfer,” Harrington said.