Security in the Age of Digital Transformation

The world is changing. In and of itself, that’s not new. The world has continuously evolved and adapted since the dawn of time. What makes it different now is that technology compresses timeframes and accelerates the pace of change. This age of rapid digital transformation makes it more important than ever for companies and cybersecurity professionals to have honest conversations and work together to ensure security is a core focus and not something that is bolted on after the fact.

Age of Digital Transformation

It’s only within the last 40 years that the personal computer came onto the scene, and it wasn’t that long ago that a household might have just one PC that was shared by the whole family. Now, it’s not unusual for every individual in a household to have their own laptop or 2-in-1 hybrid, and most people have a smartphone that keeps them connected to the internet 24/7 from virtually anywhere.

Digital transformation isn’t just about the evolution from personal computers to laptops, tablets, and smartphones, though. Digital transformation literally permeates every aspect of our lives today. Homes today have a variety of sensors and connected devices — thermostats, smoke detectors, refrigerators, lights, alarm systems, motion sensors, smart speakers, connected locks and more. The state of your home is constantly being monitored by these devices and all of that information is beamed to the cloud.

From the homeowner’s perspective, though, this digital transformation happens behind the scenes. Individuals just install a few apps on their smartphone that enable them to have complete visibility and control over their homes. They don’t need to build or understand the backend infrastructure. They just install devices and apps and use them to streamline and simplify their lives.

There are also security concerns with all of this data. You don’t want companies, random strangers, or attackers to have access to cameras or microphones in your home that might let them spy on your activities, or access to information that lets them know when you’re home and when you’re not. As important as security is, though, it’s just as important that the security be frictionless and transparent to the end users.

The vision I had when I started Qualys in 1999 is slowly becoming a reality. I am very optimistic about the future of security — but part of that optimism revolves around making sure the right people continue to have the right discussions to move the needle in the right direction.

It took 150 years for humans to adjust to technological advances from the late 1800s. The world shifted quickly as things like the automobile, light bulb, telephone, airplane, radio, television, and more came into being. In a matter of about 65 years, mankind went from not being able to fly to landing on the Moon.

Technology is changing very rapidly and very profoundly. Changes in technology bring with them significant changes to the world in general — creating a domino effect. If you don’t adjust and adapt, you will get left behind, and in today’s always-connected world that includes adapting security to keep up with the pace of change.

The C-suite needs to understand the importance of security and its own role in facilitating it. Some executives — especially those from non-technical companies — find the subject of security intimidating. However, it’s crucial that executives are aware of security and privacy concerns and take the steps necessary to address them. If they don’t or can’t understand, they need to hire cybersecurity professionals who do.

CIO/CISO Interchange

In order to address security in the age of digital transformation, we need to engage with company executives and have open, honest conversations about both the problems we face, and the potential solutions. That’s why I am pleased to announce the CIO/CISO Interchange.

The CIO/CISO Interchange is a non-profit, non-commercial organization founded by me and the Cloud Security Alliance (CSA). It’s a vendor-neutral open forum for discussions, debates, and sharing information between CIOs, CTOs, and CISOs about securing the next generation of information technology.

When I founded the original CSO Interchange in 2004 with the late Howard Schmidt, we wanted to elevate the conversation around vulnerability management. It was important for companies to understand the importance of identifying and remediating vulnerabilities before the bad guys could find and exploit them. Finding and fixing vulnerabilities is a lot of work, and it was not something that many companies were doing at the time. Eventually, vulnerability management entered the mainstream, and the event faded away as it was no longer necessary.

It’s time again to do something similar for security in the age of digital transformation. I partnered with the Cloud Security Alliance because it has done an excellent job advocating for and bringing awareness to the topic of cloud security. It is a very strong movement, with 100 chapters and 80,000 participating security experts.

The goal of the CIO/CISO Interchange is to make the C-suite aware that bolting on security after the fact just doesn’t work. Trying to add security after the fact is like trying to swim upstream — it is much more difficult and never fully works. We have an opportunity now to shift the paradigm. Companies need to have a security-first mindset and bake security into the very foundation of digital transformation.

There are plenty of security conferences throughout the year. Conferences tend to be vendor-centric, though, and revolve around security vendors launching new products and patting themselves on the back for incremental improvements in existing technology. They are filled with buzzwords and marketing hype, and they don’t foster the sort of honest conversations that are necessary to truly understand and address the problems we will face in the next 3 to 5 to 10 years.

People from companies of all sizes and industries will be gathering today for our inaugural CIO/CISO Interchange. At the end of the day, the size of the company is irrelevant. Even the smallest company can have a huge impact on the world around it. We are starting out small with local, regional events of 50 to 100 people. The goal is to bring people together who have something to say — not something to sell. Our goal is to acknowledge the problems, but focus on the solutions — in a forum where we can all speak honestly without a vendor trying to sell something.

The Future of Security

We are living in a truly awesome time, and technology continues to transform and improve our lives. If we want to be able to take full advantage of technology and enjoy the benefits it provides, we also need to understand the risks and take steps to secure and protect the technology as well.

The future of security in a hybrid world where everything is connected to everything will depend on the 5 core tenets of security: Visibility, Accuracy, Scalability, Immediacy, and Transparent Orchestration.

While accuracy was and still is an essential foundation for security, visibility across the new hybrid IT environment is even more critical. In the new digital era, the attack surface has significantly expanded to include on-premises, endpoints, Internet of Things, big data, cloud, and mobility. And we simply cannot secure what we do not know and cannot monitor.

Transparent Orchestration gives organizations the ability to automatically and seamlessly ingest, correlate and analyze security information from many sources and respond accordingly in real-time. This is clearly the new frontier for security in this digital age.

By following these principles and working together, we can make the cloud secure and we can make that security transparent to the end users. That should be the mission of every security company — and it is the purpose of the CIO/CISO Interchange.

Companies that build that vision will succeed. Those that don’t will be relegated to history.