Businesses are juggling a lot at the moment, but there are two non-negotiables which they can’t faulter on, whatever the circumstances. One is to deliver consistently exceptional experiences to users, whether internal or external. And the other is securing the applications, devices and infrastructure on which these experiences are founded and built.
Yet, with the consequences of a breach so high, companies are struggling to prevent one priority from offsetting the other. In fact, 61% of IT teams and 52% of developers say that security policies are proving a barrier to innovation, and by extension, differentiated experiences. Years of bolting on new solutions and products to protect against an evolving threat landscape - a trend accelerated with the rise in hybrid working – have rendered many organisations’ IT estates a vulnerable mess of platforms, systems, and solutions. It’s not a pretty picture, and certainly not conducive to an iterative and collaborative approach to innovation.
Many organizations are rightly enlisting the help of trusted partners to combat this challenge. Their ability to objectively assess a company’s IT environment, alongside its immediate business priorities, means they’re best placed to help develop a plan that will achieve the all-important balance of security solutions (and perspectives), and inform an intrinsic defence that facilitates both security and innovation.
It’s this holistic view that makes partners inherently valuable. But as I touched on in my conversation below with my colleague Scott McKinnon, Principal Security Architect, EMEA at VMware, it requires an in-depth understanding of how security should look across each business.
As McKinnon said, “Security needs to be like electricity in a building – when you need it, you plug into a socket and you consume what you need. This isn’t happening at the moment, and this is the opportunity for partners.” As is the case with any successful partnership, working hand-in-hand with organizations is key to understand their internal parameters and business drivers, and how security can deliver against them.
“There are three key areas at stake,” McKinnon continued, “What it means for the user, what it means for workloads, apps and data, and what it means for security operations.”
Three key tenets governing security
Those three buckets can be boiled down as follows:
- Users need to be able to work, to use the applications, data and services they want, in the way they want it, in the location of their choosing
- Workloads, apps and data in response need to be completely secure, yet just as dynamic – still able to move and share as required
- For Operations, the actual implementation of security that can detect, protect, and respond appropriately is critical. It needs to deliver total protection without restriction
Underpinning it all is the concept of zero trust. Organization everywhere are talking about this approach, but as McKinnon rightly asks: “are they actually implementing it?”
Time for Zero Trust
In today’s world of apps, data and constant sharing of networks and information, enterprises are turning to zero trust to deliver dynamic security.
Apps are the key driver in this process. They’ve gone from being simple things in one location to decomposed apps distributed across multiple clouds. Right now, we’re seeing an explosion in the volume of SaaS-based apps and apps running on hyperscaler infrastructure. Many companies think they have deployed zero trust effectively to cater for all this, but the true implementation requires the introduction of a huge number of controls, across apps, endpoints and users. Truthfully, they’re likely some way off.
Channeling your inner chameleon
Partners have a big role to play in bringing together disparate, siloed parts of businesses that struggle to connect with each other if this vision for intrinsic, zero trust security is to be realized.
In our conversation McKinnon advised that, “We keep hearing of the gap between IT, developers and security. Partners are the bridge that brings all that together. They can talk to the different teams in the right languages; they can bring the outside perspective on how a policy can be implemented; they can audit and identify the gaps in protection”. Ultimately it’s partners that can take a holistic view, using their informed yet detached position, to help solve the problems of organizations, so they can drive the coordination that’s needed between the different parties.
Assessing the lay of the land
Partners seeking to have that level of impact need to understand what the business’ current IT landscape looks like first. It’s about assessing the ‘As Is’: what the business wants (strategically) and what it needs from its security, where vulnerabilities lie, and which consolidated or optimization opportunities might exist.
And it’s that last part that is so valuable. It’s simply not feasible or efficient for businesses to throw away current investments and technology. Instead these assessments should highlight which existing solutions are being underutilized and could be better used, alongside which vendors offer complementary tools. It’s part of the process of going beyond being a transactional supplier, and instead positioning you and your organization as a strategic partner and advisor.
Bringing sense with security
Partners provide the opportunity for businesses to transform chaos, complexity and restriction transformed into order, innovation and dynamism, without compromising the security of their users, workloads and operations. Security no longer needs to be viewed as a barrier to change. In fact, quite the opposite. Security is now a vital tool for realigning business priorities and delivering great user experiences, the number one priority of modern business.
For more on the topic, visit here.