Grant Bennett, Country Manager for SUSE South Africa and Sub-Saharan Africa, on what CISOs should be prioritising in 2019.
Cybersecurity has proven to be a ‘problem child’ in 2018, and 2019 will be no different. Given that we are well entrenched in the technology era and businesses are revamping their business strategies to include a host of opportunities, the focus on security must be a key component of this, making the job of a CISO a challenging and important one.
If we consider that global annual cybercrime costs are expected to increase to US$6 trillion by 2021, with cloud-based ransomware attacks growing globally, then a CISO cannot ignore the possible impact of this on their organisation.
Of course, the magnitude of damage that cybercriminals can cause through a security breach is a concern for most. And while we all understand that in today’s business a cloud solution should be examined to maximise business performance and flexibility and to become agile, the reality is that cloud security concerns still hinder adoption.
The widespread adoption and easy acquisition of cloud resources is creating both opportunities and challenges for business and IT. Cloud opens up new, unprecedented opportunities for expanding services, growing revenue, and entering new markets. But the ease with which cloud services can be acquired creates significant challenges that need to be addressed – compliance, vendor lock-in, data sovereignty, security, and Shadow IT.
Among the three cloud options, private cloud continues to be the preferred delivery mechanism for business-critical applications that demand high security, low latency and consistent quality of service (QoS) delivered according to SLAs pre-defined by the CISO. Running on a dedicated infrastructure – either in-house or with a cloud service provider – private cloud offers the security, control, and performance that enterprises are looking for.
While this has often in the past translated to a higher cost structure, the use of industry-standard infrastructure, open cloud solutions, and flexible, consumption-based pricing models is driving down costs and creating parity between private and public cloud economics.
As a result, it is vital that CISOs stress how security in the cloud can be achieved and maintained as businesses grow and their needs evolve in 2019, mitigating any concerns that hinder adoption.
In fact, in 2019, the role of the CISO will likely mature and go beyond this justification, with far more focus given to isolating data and finding more efficient methods to secure the cloud to counter the sophisticated attacks of cybercriminals. This focus is certainly an indication of how compliance and security sentiments are changing and now need to be seen as a priority in IT departments.
As an industry, we’ve realised that security should lie at the heart of any Digital Transformation initiative and should never be an afterthought but built-in by design. From the beginning through to completion, it should infiltrate every part of the project. The code should be secure, as well as the design and processes.
DevSecOps should be applied to applications as well as to the cloud, infrastructure and work with partners. Education around security will continue to be vital, especially with human error continuing to be a major security threat. Organisations and CISOs will need to look to create more security ambassadors next year who can advocate for employee awareness of the individual’s role in overall security.