Guest blog by Johna Johnson, CEO and founder, Nemertes Research
According to Nemertes Research, more than 42% of enterprises now see security as a business enabler. This hasn’t always been the case. In the past, security and compliance were considered necessary evils, with minimal budgets and attention bestowed on them. Not any more. The increasingly sophisticated threat landscape, combined with ever more serious consequences of breaches, has driven a new mentality around security at the enterprise level.
Gone are the days when the CISO could focus solely on the technical details and operational emergencies. The modern CISO is transforming into a business enabler, with a full seat at the executive table. Translating the technical details of security and compliance into the language of the business is now a required skill, as is creating a higher-level security and risk strategy that encompasses a broader set of functions. Over time, what will emerge is the “Office of the CISO.”
Accelerating this transformation will require that CISOs learn new skills, build support networks, learn the details of the business and plan a path away from day-to-day operations. And new, emerging technologies can help as well.
The same survey shows that 71% of enterprises say security has stalled, or is stalling, the deployment of new technologies, most often cloud and mobile solutions. One reason for this may be that most of the tools at security’s disposal are antiquated. If you’re moving at the speed of business, tools architected 10-20 years ago won’t allow you to enable new services fast enough to keep up with the business.
From a technical perspective, it’s easy to identify the rapidly changing IT landscape that needs to be addressed:
|Old|New|
|---|---|
|Hard-coded IP addresses|Identity separated from network location|
|Servers that live forever|Elastic infrastructure|
|Vertical scaling|Horizontal scaling|
|Applications frozen in place|Moveable workloads|
|Monolithic applications|Services-based architectures|
To move in all these new directions in the infrastructure—in order to deliver all the new services that want to rest on such foundations—IT needs security that can:
- Scale horizontally along with workloads, without breaking the bank in licensing cost
- Deliver a management interface that understands the horizontal model
- Deal with units of infrastructure and function ranging from the new (microservices in containers) to the old (monolithic applications on virtual or dedicated physical machines) by being neither too heavy to accompany the smallest units of function, nor incapable of dealing with workhorse enterprise applications already in place
- Move from place to place among multiple data centers, or into the cloud, right along with the workloads it is protecting
In summary, a next generation security solution needs to be able to reshape itself hour by hour, or even minute by minute, to match the pace of change in the application infrastructure. Only then can security be both a business enabler and one that makes innovation possible at the speed of business ca. 2015.