The age of the digital enabled enterprise is upon us and it is both pervasive and precarious. Companies of every size and from every industry are transforming themselves by adopting and integrating next generation technologies — cloud, analytics, mobile, social, and the Internet of Things (IoT), which is making its way into every corner of enterprise and consumer life. With every new and powerful technology and capability comes an equally advanced and challenging threat. Enterprises must prepare now for a different threat landscape that requires constant vigilance. Security can no longer be an afterthought — it must be at the forefront of every business and CIO’s mind and part of every new technology discussion. This will mean changing the focus of IT investments and even the IT organization itself.
Daily headlines prove that security is often an afterthought in the age of the digital enabled enterprise. We note in a recent white paper, Security at the Speed of Cloud, that as more organizations embrace cloud-first platforms for everything from customer relationship management (CRM) to enterprise resource planning (ERP) platforms and beyond to transform into digitally-enabled enterprises, one thing stands in their way: security threats.
According to Gartner, over 125,000 enterprises are launching digital businesses with an expected digital revenue growth more than 80% in the next three years. The drivers are improved customer experience (CX) and increased customer satisfaction and profits at decreased costs. One source of savings, says IDC, is embedded data analytics or “cognitive services” — think Big Data with a brain — which will become one of the key foundations to digital transformation, providing over $60 billion in annual savings by 2020.
Accordingly, the IT organization of tomorrow requires new IT investments and new technology and business skills to accomplish the transformation into a true digitally enabled enterprise. By 2018, IDC expects that 35% of IT resources will be spent to support the creation of new digital revenue streams. By 2017, IT organization are expected to spend up to 30% of their budgets on risk, security and compliance according to Gartner. Clearly, security concerns are now hand-in-hand with digital enablement initiatives.
Respondents in our recent 2016 Logicalis Global CIO Survey cited security as the largest challenge related to their increased use of digital and cloud services. Additionally, Gartner predicts 60% of digital businesses will experience a major service failure over the next three years due to IT security teams’ inability to manage digital risk. This risk is not limited to the internal enterprise, of course, Gartner also notes the immaturity of many IoT technologies, services and vendors and the range of security vulnerabilities, threats and risks associated with these nascent technologies. Forrester says that IoT devices create an “expanded attack surface” enabling these devices to become “cybersecurity weapons.”
This makes cybersecurity a critical part of digital business enablement. Organizations must strive to achieve a high level of digital business resilience built on a security and risk management foundation. That foundation must include three key tenets:
Privacy. Customers must be assured of the protection of their personal data – especially that which is personally identifiable data (PID) which is often the target of hackers.
Reliability. Business resilience must be maintained in order to quickly recover from and remediate the damage cause by cybersecurity threats.
Next-Level Security. Beyond today’s end-point security model, digital business enablement cybersecurity demands an integrated, advanced threat approach for cloud security where security modules work in concert, not in silos.
Organizations will learn to live with digital risk. They will adopt the type and level of security they need and can afford. To do this, organizations will need to build security foundations that mirror their business goals. As IoT comes out of the fog — where the internet of things connects with the enterprise – organizations must focus on improving data privacy and security. This requires a more proactive and strategic approach to security and risk management. Organizations must strengthen overall security practices in the enterprise by integrating security — traditional security, cybersecurity, IoT security — into every part of the business. What CIOs and CSOs are charged with, more than ever before, is balancing protection, detection and response with the need to achieve agile business as a digitally enabled enterprise.