We knew hackers were relentless, ambitious, and ingenious before news of high-profile hacks became such a routine part of the news cycle. Still, the pervasiveness of the attacks is jarring, and it can also cause organizations to feel both overwhelmed and fatalistic about their ability to protect themselves, especially as their data increasingly moves cloud-ward. A better, more positive approach is needed.
In a cloud-first world, cybersecurity is at the very core of digital business. It can be an enabler of new ideas, and clear paths toward digital business agility and growth. It’s actually the cloud itself that often makes this possible. Cloud-based services are foundational, for example, to the real-time monitoring and data analytics behind leading-edge cybersecurity policies. And cloud architectures are inherently simpler, making them great places to build secure, innovative products and services.
Consider this perspective from PwC’s Global Cybersecurity and Advisory Leader David Burg: “We’re seeing more and more that cybersecurity can actually become a remarkable way to help a company innovate and move faster,” he said. “In certain kinds of digital innovation, the security considerations, controls, and capabilities, alongside a frictionless means of authentication, are essential to the design and development of these new products and services.”
From “money pit” to business enabler
Of course, the benefits of the digital age have some tradeoffs for cybersecurity. For instance, most businesses have had to confront significant loss of control over their data as their operations increasingly depended on outside cloud services. They’ve also had to deal with an expanded field and higher volume of attacks. The Cisco 2017 Security Capabilities Benchmark Study found that 44% of security operations managers see an average of 5,000 security alerts per day. It indicated that, due to various constraints, organizations can only investigate 56% of the daily security alerts they receive.
This gap in the ability to respond to security threats, combined with the cost of a breach (the Ponemon Institute’s 2017 survey puts the average cost at $3.62 million), makes it easy for organizations to pursue cybersecurity from a defensive posture. Organizations know they can’t underplay the cyberthreat, because the potential damage from an attack is so great. But they also know they can’t possibly cover every angle of the threat. Cybersecurity is sometimes viewed as a “money pit,” according to the nonprofit (ISC)2, an international organization that specializes in security information and certifications.
[Security as an engine for growth is only one of the ways that CIOs have to refine their cybersecurity messaging and strategy.]
“Unfortunately, cybersecurity is often viewed as the organization that always says no versus the organization that makes the business go,” according to David Shearer, CEO of (ISP)2.
It shouldn’t be that way. Here are a few ways cybersecurity is clearly about business enablement:
- Competitive advantage: The ubiquity of the security threat creates opportunities for companies that prove their products and services include robust protection. Companies whose customers trust them to secure their businesses will grow along with them.
- Better collaboration: Digital supply chains are global and complex, but business doesn’t get done today without precise collaboration between multiple parties. Organizations with mature and agile cybersecurity policies will earn trust and enhance opportunities to partner with visionaries and market movers.
- Room for innovation and growth: Better cybersecurity protects a company’s data and its resources. Preventing breaches not only saves millions of dollars that can be better invested in growth, it saves the time and effort required for mitigation and remediation. It can also give companies more confidence when moving ahead with mission-critical initiatives involving potentially vulnerable or sensitive information.
These advantages are real, and the consulting firm EY thinks as more companies start to see cybersecurity as a business enabler, they’ll start to view it completely differently: “As forward-looking firms bring cybersecurity together with their digital teams and the wider business, the question may arise of whether cybersecurity as a distinct function should disappear and become completely embedded into the business.”
Why interconnection matters to cybersecurity
In the Global Interconnection Index market study, published by the company I work for, Equinix, cybersecurity is listed as one of five global trends that’s projected to drive the need for interconnection to unprecedented levels.
Interconnection is the private data exchange between businesses, and it’s critical to cybersecurity because it enables direct and secure connections between applications, data, networking and security controls locally, regionally and globally. Those direct connections are essential to execute cybersecurity policies across the digital world’s expanding and shifting borders. Why? Private, direct connections are safest. And direct connections between a company and digital ecosystems filled with potential partners and service providers optimizes cybersecurity deployments to better support business enablement and innovation.
Cybersecurity will be a constant concern in a digital world that seems to present unlimited opportunities for both the good guys and the bad guys. But it doesn’t have to be just a cost of doing business. With the right approach and the right tools, including cloud and interconnection, cybersecurity can both protect and create new levels of business growth.
Jim Poole is the Vice President for Global Ecosystem Development at Equinix. In this role, he explores new and emerging digital ecosystems with a focus on how interconnection can be used to strategic advantage by Equinix customers. Prior to his current role, Jim served as the Vice President for Global Service Provider Marketing, where he was responsible for vertical strategy, messaging and sales activation. Jim has more than 20 years of experience in the ICT industry, and has held executive-level positions at Roundbox, Savvis, C&W Americas, NTT, dynamicsoft and UUNET.