In today’s business environment, companies have three major challenges – making a profit, finding great people, and staying ahead of the competition. That’s quite enough, but they also have major operational challenges with IT, cyber security, and compliance. For example, IBM Security Services reports that it’s not unusual for clients to have more than 15 different cloud providers – and probably more they don’t know about. How do business and IT leaders deal with that when they don’t even know how many clouds there are, or what data resides on those multiple clouds? They can appoint new people into new privacy and security positions to cope but is that enough? Given the cyber threats the business now faces, it most likely is not.

Hail to the chief security officer

Most recently, the number of companies falling victim to ransomware attacks has seen a steep increase. The fear that ransomware and other forms of cyber-attack will have a serious impact on the US economy led to President Biden’s Executive Order on radically improving cyber security within Federal Agencies. This seriously upped the game for those vendors that wish to supply into the Federal Sector, and the rigorous standards they will now have to meet.

The Executive Order is far reaching and will have an impact on the private sector where the cyber threat is no less acute. The order states: “The trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced.” This almost perfectly describes the situation that many private companies now find themselves in when looking for partners to improve their own security posture against the worsening threat landscape – trust is all important as is the ability to provide modern scalable security platforms that are compatible with legacy platforms.

What IT buyers are looking for now, and why

Buyers are looking for an integrated approach to data security, privacy and governance – and looking for trusted partners to provide such solutions. The major challenge is that IT infrastructures for many organizations are of necessity more complex as they seek to make progress on digital transformation with clouds, infrastructure as code, third party and customer identity management etc. – and this has made a consistent approach to security and governance harder. Too often, incompatible legacy solutions are preventing a fully joined up holistic approach to security and governance and creating pain points across the enterprise. With modality now the order of the day for larger enterprises clients want to see vendors and service providers who understand the customer’s pain points and how they are trying to address it, reaching further into relationships that scale and mature.

Finding the data and then protecting it is not easy

Understanding data is central to innovation, efficiency and productivity and therefore its protection is paramount. To make use of data, teams must know where it is. Data on customer behaviour is hugely valuable to defining new services and products but it’s also sensitive and needs protecting. Thales, a global digital identity and security company, advises that encryption is a good solution, but it too must be managed, be best in breed so that it 100% protects data but does not stand in the way of access to those that need it. Encrypted data is useless to hackers, but it is also no good to users if they cannot decrypt what they need with zero latency.

There is of course no silver bullet when it comes to protecting data and applications but for any security infrastructure to succeed following an internationally recognised framework such as NIST is advisable. It helps with purchase decisions, deployment and operation to follow accepted and recognised patterns and will also help with meeting compliance demands. The best IT services providers and integrators will be able to ensure that any security project or data protection platform follows recognised and suitable frameworks that also fit the culture, operations and market obligations of the client.

Clients do not want to rip out legacy technologies to conform to an individual platform – so solutions must have as many integrations as possible – a “perfectly baked cake” that covers the full spectrum of integrations that plays nicely with other applications in the stack. Of course, writing this is simple, doing it is much harder and few organizations these days can achieve security solutions suitably hardened and stressed tested against compliance standards and known vulnerabilities without expert help that understands business.

Poor security costs more than dollars

The cost of inadequate or badly configured IT security is not just measured in lost production or through ransomware payments but also in loss of reputation and brand damage after a breach. And, since the emergence of consumer privacy regulations such as the EU GDPR, organizations have had to ensure that they protect PII or be subject to fines. This comes at the same time as enterprises are introducing more consumer focused digital services putting further emphasis on protecting customer data. If that is not secured any new digital relationship with customers (CIAM) will not work – the trust will not be there. In those less regulated markets where Privacy Regulation are less severe this may matter less in dollar terms but a reputation for good security and looking after customer data will do brands no harm at all in any market.

Increasingly businesses should see spend on cybersecurity not as cost but as an investment – in the company, its people and its future. Further, in the joined up interconnected supply chains we are accustomed to – companies increasingly wish to do business with other companies that proactively think about security – and can be seen to tangible taking steps to be as secure as possible.

It is about reputation with customers and partners in supply chain. It is about competitive positioning. For example, legacy financial institutions need to compete with more agile cloud native FinTechs who may have a more baked in security layer. To compete they will demand a security and privacy fabric entwined with their clouds and, importantly, legacy infrastructures – and they will look to trusted IT partners to provide this.

See also