As technology becomes ever more inter-connected, sensing, intelligent and infused across a hybridity of work, daily life, education and entertainment use - the acceleration of hybrid cloud adoption becomes a critical enabler to operate and innovate more cost effectively and more efficiently too.
It is perhaps to be expected that in recent research of Senior Leaders in the US and Europe responsible for investment in enterprise technology, security emerged as their leading priority, notably around cloud infrastructure and application security, followed by investment in Cloud Services (CSS Insight).
There was a 300% increase in cyber attacks in March alone (FBI 2020), with the UK’s National Cyber Security Centre (NCSC) reporting a third of the cybersecurity incidents it investigated to be related to coronavirus. Security vulnerabilities can take time to be recognised with new research by IBM and the Ponemon Institute finding the average time to identify and contain a data breach to be some 280 days. This becomes a leading cause of external downtime, with associated costs ranging from over $150K for many mid to large firms to over a million for a significant number of other companies. A March Bit Vendor survey of 6000 infosec professionals (ITIC 2020) provides further context, reflecting that almost two thirds of businesses have experienced a data breach in the last 3 years.
There are costs beyond this too, for example loss of clients through loss of trust after a breach. And finally, is the often understated risk of internal threats whether this be through malicious intent or through user unforced errors. So how can organisations large or small best address the challenges and optimise the opportunities?
I believe the answer is two-fold – holistic alignment and pervasive encryption.
Alignment across Business and IT has been a perennial concern for many years (Luftman 2000) and it is critical to negate any disconnect between the decision-making insights and priorities driving practitioners and senior leadership. The data security and privacy context described drives home the criticality of implementing a holistic cybersecurity strategy as the foundational element of digital transformation strategy. Addressing this cannot be a retrospective afterthought, but rather must become embedded - built into the very fabric of operations, infrastructure and culture too. And this makes alignment an imperative.
One approach is encouraging co-creation to work on specific challenges like security. During an IBM Garage facilitated experience, C-suite executives co-create together with their team using Agile and Design Thinking methodologies to identify the different types of infrastructure solutions that will be most productive to their investment.
This always starts with evaluating the ‘as-is’ picture - identifying any gaps from skills or roles to access protection which could give rise to data breach potential - then moving on to plan the desired ‘to be’ state. Focus is given to the business case before any technical specificities and asking the questions that matter: what happens if you have a breach here? Let’s quantify that risk - how does it compare to what it would cost you to look at and make it as secure as possible now? Such an assessment can help build the flexibility and shared understanding imperative to work towards shared outcomes across Business and IT. With continual C-Suite role evolution, in particular a reshaping of CFO and CISO roles around change agency and strategic leadership (Eaves 2021).
The second approach is through pervasive encryption – and to be truly pervasive, encryption must be applied to data in all of its states. Some organisations currently adopt a more selective approach, for example encrypting a few percent or maybe even half of the data which they judge to matter the most. But rather than increasing protection, this can become a classic case of unintended consequences - in essence putting a ‘bullseye’ on this data so if any hacker does gain access, it’s this specially treated data that they will target first.
By contrast, pervasive encryption avoids any signposting of ‘what matters most’ and provides holistic end to end protection. As discussed in the Secrets of the C-Suite webinar by Bola Rotibi, Research Director at CCS Insight, given the rise in hybrid working at scale and the broadening data ecosystem this brings, such confidence is critical. Compliance requirements are also increasing with significant penalties for breaches. Under GDPR regulation, this can equate to up to 5% of global annual turnover - and accountability rests at the C-suite. Pervasive encryption provides additional benefits here, providing the so-called ‘safe harbour’ necessitated – ‘if you have everything encrypted, you are automatically in that space’. In combination with holistic alignment, this moves the narrative beyond security as cost and the protection of people and data - to security as opportunity and a vital catalyst for growth and sustainable competitive advantage.
Disclaimer: From time to time, IBM invites industry thought leaders to share their opinions and insights on current technology trends. The opinions in this article are my own and do not necessarily reflect the views of IBM and BBN Times.
Prof. Sally Eaves is a highly experienced Chief Technology Officer, Professor in Advanced Technologies and a Global Strategic Advisor on Digital Transformation specialising in the application of emergent technologies, notably AI, FinTech, Blockchain & 5G disciplines, for business transformation and social impact at scale. An international Keynote Speaker and Author, Sally was an inaugural recipient of the Frontier Technology and Social Impact award, presented at the United Nations and has been described as the ‘torchbearer for ethical tech’ - founding Aspirational Futures to enhance inclusion, diversity and belonging in the technology space and beyond.