Why Cyber Security is the New Operating Model

Posted on December 18, 2017


95% of businesses are in some form of digital transformation (Forbes Insights – How to Win at Digital Transformation) and, according to Gartner, 90% of these are leveraging Cloud computing. With cloud computing underpinning much of this transformation, the frequently stated biggest concern is SECURITY.

It is not an accident that Cloud Computing is driving the new consumption models in the digital economy. It is the natural evolution of computing, following in the footsteps of Mainframes, Client Server and the Internet before it. The parallel is the move from owning your own Power Generator to tapping into a regional generating company that ultimately evolves into a national power grid. So it is with the journey for computing, though it is happening not in decade-long timelines but in years and months. As computer rooms moved to local datacentres and now to the Cloud, services are now updated on a monthly basis, feeding a voracious business appetite for new ways to innovate.

Cloud is the undisputed medium to support accelerating Business Growth through greater agility, scalability and reliability. It allows business to focus on the ‘What’ rather than the ‘How’, and to innovate at the cadence of our digital society. Oh happy days you would think, but for human fallibility! If organisations cannot get Cybersecurity right in their own on-premise back yard and controlled environments, why do they think that applying the same attitude to Cloud computing will succeed? Cloud resets the security approach from threat through to protect, which offers an opportunity to learn from the past and reset attitudes to the new world.

“That men do not learn very much from the lessons of history,
is the most important of all the lessons of history.”

Aldous Huxley

So now multiply up digital transformation and cloud complexity with an increasing number and sophistication of attacks. It is not hard to see that customers and their traditional Systems Integrators (SIs) are heading for a perfect storm without a Cybersecurity heavyweight partner in their corner. The truth is that most security professionals believe you can be more secure in the cloud, but few businesses lead by embodying security.

Technically securing the Cloud is a single dimension of what organisations are actually struggling with when they engage Cloud computing. The full nature of a Cloud engagement is a Digital Transformation in the true sense: it disrupts. It takes the security challenge deep into an organisation operationally and touches all areas of people, process and 3rd party interoperability. The biggest shift is in the acknowledgment that Cloud Computing is a code and configuration challenge. Yes, its software and infrastructure = Code, as is its interoperability (APIs etc). Cloud security demands a configuration + interoperability security awareness that is not found in traditional security teams or practices, demanding a fundamental shift in developer and infrastructure teams and InfoSec attitudes.

If organisations thought that was as far as the dial had to be turned, then they are wrong. The speed of change in technology consumption habits and delivery practices introduces yet more dynamic risk. This requires a focus away from the traditional threat actor and onto the organisation itself.

Organisational transformation may be driven by an innumerable blend of factors, but one that is consistent is their motion (consciously or unawares) into a permanent transformative state. Cloud is always changing; change is the new norm. This transformative state is one that no longer adheres to the static workload, waterfall control bounded practices of the past. It’s a new ‘Zero Trust Network’ dynamic Governance attitude, underpinned by an Identity and Data security centric approach to security. This is best serviced through an agile and lean culture that can embrace the Evergreen present and short event horizons of the foreseeable future.

Information security becomes a pivotal issue in today’s heterogeneous cloud environments. It fragments the traditional Network edge, workload centric security models, requiring an operational mind shift to Intelligent Edge Governance. Not a device edge but a data and Identity edge: secure your data and trust your identities. As Cloud’s predisposition to interdependency on 3rd party interconnected services and product mashups grows, Cybersecurity can no longer be left till later in what is now a real time / just in time digital economy, where users are transforming technology consumption models faster than any business can evaluate, document and mandate. Data will flow, identities will roam and users will use (and lose); what we are experiencing today is just the beginning.

If that was not enough, IoT (Internet of Things) is driving new paradigms, pushing compute to the edge, or in the latest evolution ‘Fog Computing’. Yes you read that right, in fog computing the Fog IoT application will decide where the best place is to do really fast actionable outcomes from interconnected IoT data sources.

This puts Cyber Security at the heart of a modern business operating model. If organisations do not have this built in at a cultural DNA level, they can regard themselves as still being in BETA.

Moving to the cloud is quite rightly pushing cyber security to the top of the risk agenda. For organisations to gain confidence and trust in the cloud requires a new operating model that places Cybersecurity at its heart. They need to adapt and adopt Cybersecurity as the New business operating model.

As psychology teaches, fear can be regarded as a positive or negative emotion. Negative emotional responses can be debilitating, driving panic or knee-jerk responses, whereas positive ones can be liberating, opening us up to a greater potential hidden within ourselves. Businesses, as a reflection of their collective individuals, often demonstrate similar response profiles through their cultural traits.

If we address the biggest concern organisations have with moving to the cloud, security, then organisations should be embracing and splicing it into their core DNA.

It is as fundamental a decision to apply Cybersecurity in every aspect of the digital economy as it is to decide to cast off a buoyancy aid and swim if you intend to live on the water. A Cybersecurity business culture is inherently resilient (NB: that is not the same thing as 100% security); it fosters in its people a can-do attitude that can harness the digital economy to realise the maximum innovative potential from their business. Why? Because they know how to go to the edge of their digital risk envelope and no more. It is a revolution on the current business cultural norm that regards its security as a blocker. Any wonder companies are failing in the digital economy, stuttering from risk assessment to security budget begging bowl in a gated manner that frustrates innovation, self-defeating their full potential? Sitting on a supply chain that is assured once every 12 months at best is so incompatible with a real-time evolving threat landscape.

So, when you look around you at your next industry event, see if you can spot those you think can go to the edge of their organisation’s digital risk envelope with confidence. All the rest are perhaps unwitting actors in a walking dead digital sequel. Is your company one of them?