More than four fifths (82%) of UK CEOs see technological advances as the main global trend which will transform business, yet in the rush to achieve digitally enabled change, the reality is that corners are being cut.
The current overwhelming message to boards is ‘disrupt or be disrupted’, so with businesses racing to ensure they can compete in the digital age, the security industry needs to ensure that IT can be deployed and secured in a way that supports both today and tomorrow’s business strategy.
Despite the ever increasing threat landscape, boards are always going to have the mindset of ‘business first, security second’. Of course, firms understand the consequences of a breach; they extend far beyond the concern of the IT department, to impact reputation and even financials – think Equifax. However, only 44% of respondents say their corporate boards actively participate in their companies’ overall security strategy. In fact many seem happy to sit back, oblivious to the threat level and keeping a tight hold of the purse strings until the worst happens. It is then easy to point the finger at the CISO and plead ignorance.
This is no longer acceptable. Security has to be an absolute priority. If failing to embrace digital transformation is a sure fire way to be disrupted, then failing to implement the required security is the absolute road to disaster. However there is a fundamental disconnect between the two. When the CIO goes to the board with the plan to move part of the infrastructure into the cloud, or upgrade the connection between remote offices and the data centre, more often than not the security aspect of that business critical investment gets watered down – at best.
Why? This is not just an issue of corporate mindset – in many ways the security market is culpable. From rigid products and architecture, to inflexible payment models, the way in which security is presented to the market is making it far too difficult for the board to recognise – let alone invest in – a solution that supports critical business strategy. In consequence, at best corners are cut and security postures weakened; at worse organizations simply carry on with their digital transformation plans with the hope that at some stage it might be possible to retro fit security.
The CISO today is facing an unwinnable battle – security products are too rigid, costs are too high, risks are too great. There is no doubt that mindsets need to change, but it is a far greater task than educating businesses. Not only do organizations need to stop side lining security, but the security industry itself must also make a fundamental change to ensure it offers solution rather than software that creates an additional headache.
Contact Certes Networks today to learn how we can help you embrace technological advances by protecting your data in motion with our Zero Trust security solutions.