With Business Driving the Bus, IT Should be Painting the Lines

by Sean Kopelke, ANZ Country Manager, Zscaler

With business becoming increasingly digital, the deployment of solid IT security has never been more important. Breaches can cause anything from mild inconvenience to widespread disruption and financial loss.

Yet, despite the importance of security, many organisations remain vulnerability to attack. Although they may have invested significant amounts in tools, they lack a comprehensive security strategy that will ensure they can withstand risks.

A key reason for this is that many organisations continue to let their legacy technologies drive current decision making. Even if an organisation runs on hard-to-adapt legacy solutions, it’s dangerous to make decisions based on supporting that environment. Such decisions have everything to do with replacing legacy point solutions without upsetting the architecture of which they are a part. That's a bad idea.

Instead, it’s time to rebuild for flexibility and a constantly changing environment. The cloud and virtualisation have ushered in new ways of integrating products and solutions with existing infrastructures, and companies need to keep that in mind even when making point decisions. There’s no question that the technology landscape today is much different than the one that IT has built and supported during the last 40 years.

Often, this situation gives rise to what is known as “shadow IT,” in which groups bypass the IT department and adopt cloud applications on their own. In an environment where IT decisions more resemble ecommerce purchases, IT can quickly lose any role whatsoever in the transition to new architectures. Now, instead of leading, IT is out of the loop. While the ability to directly adopt technology is a good thing, IT should be guiding the business toward good decisions, while accepting some loss of control. Therein lies the challenge.

Clinging to legacy technology and concern over shadow IT are both problems augmented by a common culprit: fear of giving up control. A book could be written on the matter, but at a minimum CIOs need to help their teams embrace a new role in this infrastructure evolution. Complete control is not possible amid constant change. As a result, IT professionals will now have to paint the lines on the road instead of driving the bus. If done effectively, the process can chip away at the edges of any legacy platform —both strategically and for the needs at hand. Here’s how this process can be done effectively.

Changing gears

Cloud computing is not a technology shift. Rather, it is a business shift that has enabled organisations to work more efficiently. The convergence of mobility, connectivity, easy application consumption, and elastic computing resources has spurred business in powerful ways not possible before.

From an IT perspective, this convergence has resulted in the loss of control points (like servers and user access) that has been central to IT since the earliest moments of technology in the workplace. But in exchange, an opportunity has arisen to help business grow through IT transformations that take advantage of all the opportunities the cloud presents. Capital One is an excellent example of a traditional finance company that is fully embracing the cloud and using it as a way to increase efficiency and accelerate innovation. They are integrating Amazon Alexa voice services with traditional banking and building and migrating new and legacy application to the AWS platform. 

Letting Go of the Wheel

The role of IT is no longer the upkeep of information technology but rather that of a navigator, helping the business get safely to its destination. This is especially important in a time of transition from older technology to new public cloud and “X-as-a-service” (XaaS) deployments, which have become the norm for any effective business.

For IT to be successful in this role, it must learn to trust cloud and service providers, and even take up some of the ways they operate. It’s not an “us vs. them” scenario but a co-operative one and trust is key.

The reputations of cloud and service providers rely on their ability to execute. In many cases, they’ve already assembled top teams, which is why government agencies, such as the National Security Agency, and companies, including Netflix, turn to vendors like Amazon Web Services when building their clouds, instead of going at it on their own.

Read more: Unencrypted hard-coded password risks patient info in Philips’ x-ray dose app

Get in the Fast Lane

Many organisations approach the cloud as they would any major IT transition. They analyse it, try to understand it, and learn as much as possible about cloud provisioning, management, and security.

Although it’s not a bad approach, traditional vetting and risk processes can slow down entire projects. Instead, IT needs to be okay learning along the way and using the assistance of cloud services vendors.

This doesn’t mean going all-in without knowing the potential pitfall, but if you believe that the shift is inevitable, the sooner you start the better you’ll be.  This can be done in a low-risk fashion. Non-mission–critical apps, for example, can be a good starting point for cloud conversion.

Perhaps your organisation is not quite ready to let go of PeopleSoft, but perhaps the company is ready to move to something like Jobvite to accelerate hiring. Ultimately, the ease of use and dividends in production, efficiency, and cost following the transition will speak for themselves, superseding the unconstructive risk aversion.

Moreover, organisations are saddled by concerns over their inability to detect the applications already in use, such as email services, file storage platforms and shadow IT. With proper visibility, businesses can map out these services and new ones as they’re added to ensure risk is mitigated. Why stay in the dark when it’s possible to progressively assess the organisation’s risk appetite?

Arriving on time

Finally, organisations need to remember that cloud transformation does not all have to be done at once. Rather, it should happen at the pace that is right for your organisation. Gone are the days of 18-month integration projects leading to major rollouts of static software. User-led adoption and proliferation are the new norm.

Cloud services and applications can be merged into existing infrastructures by chipping away at the legacy stack over time. The process itself will require a lot of trust in those who understand the cloud, both inside your company and among third-party vendors. As such, organisations will need to hire people who know how to leverage the cloud or those who have done it before, while ensuring that those people are mindful of business strategy.

Taking this approach will ensure an organisation can take advantage of new technologies while also ensuring it has effective security measures in place. Business benefits can be enjoyed while risks are reduced.

Tags risk managementVulnerabilitiescyber attacksIT Securityshadow ITzscaler

Show Comments