With technology now recognised as a key component of overarching business strategies, expectations of what IT can deliver to organisations are escalating more and more. IT leaders are facing a ‘push and pull’ type pressure: everything must be faster, more adaptive, more agile yet, at the same, more secure, resilient and cost-effective.
Within this context, the threat of cyber-attacks is looming larger than ever before. As Pat Gelsinger noted during his recent VMworld keynote, “security breaches are the only things growing faster than security spending” – words that resonate more and more each day. Indeed, the National Security Agency’s deputy director warned of the increasing danger of organisations and individuals being victim to cyber-attacks, commenting that “if you are connected to the internet, you are vulnerable to determined nation-state attackers”.
What’s more, thanks to the connected world of modern business, shared data and social media, a significant security breach can cause unprecedented potential damage to the company and, in particular, the following stakeholders:
- The Board
No one is safe from feeling the pain of a security breach, no matter how senior. Just look at how TalkTalk’s share price plummeted after the recent hacking crisis that saw over a billion items of customer data stolen from its website. It was chief executive Dido Harding that fronted the company’s response and took the brunt of the media and public backlash. In fact, Labour shadow minister Jack Dormey argued Harding should consider her position. A hack of this nature leaves the entire management team open to accusations of negligence (are they doing enough to keep their data safe?) and intense scrutiny over how they respond to the situation.
Whether it’s loss of bonus, reduction in pay or even redundancy, a drop in share price following a security breach impacts the entire business and its people. Hacks can impact workers in other ways, however. Take Sony Pictures which, nearly a year after the devastating (and very public) hack it suffered, is offering up to $8 million as part of the ongoing lawsuit with former employees. The company will commit $2 million to reimburse expenses incurred by employees protecting themselves from identity theft following the hack and an additional $2.5 million fund will reimburse actual damages from identity theft, up to $10,000 per employee.
- Customers and Partners
A compromise in security and data extends far beyond the single company that’s been breached. Given the amount of data sitting with organisations, their partner ecosystem and customers themselves are left just as vulnerable. With serious consequences- such as social embarrassment from sensitive medical data being released, or identity theft as financial information is stolen – data security can, quite literally, be a matter of life and death for customers. Businesses have a responsibility to customers to ensure that the data they are entrusted is kept as safe as it possibly can be.
So how organisations best protect themselves and prevent these scenarios happening? How can IT ensure businesses remain robust, reliable and secure while also ticking the boxes of increased agility, performance and responsiveness that will deliver competitive advantage?
Change Happens, Get Over It
For a long time the IT department has tried to control change to maintain the security of their organisation’s data and operations. However, no successful business ever stood still – whether it’s expanding into new markets, bringing in new talent, launching new products – organisations can no longer guarantee that they’ll have same structure from one day to the next. This makes the traditional approach to security all wrong – it can no longer be about restriction and constraint; it now needs to be as dynamic and fluid as the rest of the business and its workforce.
Moving to a software-defined approach is not just one way of solving this; it’s the only way. In the software-defined era, security can move from being bolted on to being baked in. To use an analogy, the traditional security approach to security was to store the bike in a padlocked shed; now, with a software-defined approach, in the event of a thief breaking into the shed, businesses are able to give the bike square wheels and ensure that no one could ride it out! In short, it’s a game-changer.
By controlling the system through software – rather than the hardware – organisations are able to simplify and unify security, from the core of the infrastructure through to it point of use. Allowing for the first true implementation of micro-segmentation, businesses are not only more secure, but they can manage security more efficiently and at half the cost of a traditional system.
At its heart, a software-defined approach is about enabling change. Being ready for it and being able to react appropriately. Cyber-threats are multiplying, but they are also changing, overrunning traditional security measures and leaving critical data in precarious situations. Businesses must address this – not simply to save their customers and the relationship they have created, but also to save themselves.