Two-plus years on from the dark dawn of the global pandemic, two things are clear:
- First, that although most companies are moving into a hybrid office scenario, there are now (and will continue to be) more remote workers than ever; and
- Second, that the number of workloads deployed in the cloud has skyrocketed as IT groups work to ensure applications are accessible to both clients and staff.
The next normal has very much arrived. In this world, companies are adaptable. They’re resilient. They do whatever it takes to ensure operations run smoothly.
The World Economic Forum recently said that with the enlarged work surface of the hybrid office era, there comes a higher level of risk. What has become clear over the past couple of years is that the future – starting now – belongs and will continue to belong to the prepared – agile security organizations built for a future of disruption.
But strong security doesn’t come from merely wishing it; IT groups must have a plan, the will to carry that plan through, and the patience to move methodically through every step between a vision and its fulfillment.
Doing the Needful
This is not to say it’s a piece of cake to stay afloat cyberwise at a time of almost constant change and churn. Those who fall into this category should take comfort, however, from the fact that they’re not alone. Over 100 IT professionals employed by larger firms that have deployed workloads in the cloud were surveyed recently by Osterman Research. The result: more than a third said they are doing less than they should be doing to secure their cloud workloads.
“It’s no joke,” said ITWC CIO Jim Love. “In this same survey, and in countless others like it, you have this virtual police lineup of risks, from lack of visibility and to data loss to overprivileged identities to the bad actors themselves. You would think such a lineup would scare companies into perfect order, but this is not always the case.”
There can be many reasons why some security teams have not yet been successful.
Said Love: “For some it’s the complexity, while for others it’s a question of education and training, or perhaps of trying to do too much too quickly – or without sufficient planning. Whatever the case, it’s a serious problem that companies must overcome.”
Area(s) of Vulnerability
Companies’ readiness to tackle the cyber issues coming at them now, at a time when the ground is shifting, will vary. “Some will inevitably play it looser than others,” said Love. “Or it might come down to a question of strengths and weaknesses. You might have a company that excels at cloud security but not at securing the networks from which services are accessed. In another case, it might be completely the reverse.”
What can be universally agreed upon is that security and risk management leaders have dramatically more responsibility in 2022 than they did even a couple of years ago. These individuals and their teams must not only stand on guard against threats but also evolve to become good stewards of their organization’s brand and reputation.
You might be reasonably confident in your company’s security posture or its ability to adapt to changing cyber conditions. Or you may indeed be – as are more than a third in the Osterman survey referenced earlier – worried about your IT group’s performance and/or level of readiness.
While the ebook Traits of Highly Successful Security Organizations doesn’t have all the answers to all your security-related questions, it does contain definite clues about what it means – what it really means – to have a successful security organization.
Download this free ebook to learn:
- The keys to security leadership
- Three recurring traits that sector leaders have in common
- Expert insights on building a successful security organization