The Business Transformation Network recently partnered with Check Point, a global leader in Cyber Security solutions, for an invite-only virtual roundtable.
The session was led by VP of Product Management at Check Point, Itai Greenberg, a senior leader and renowned expert on driving innovation in the cloud.
Those in attendance were executive level technology leaders within their respective organisations, taking part in a conversation that would touch on an abundance of topics, whilst following the below key themes:
- Why consider a move to the cloud?
- Where do you find yourself on your cloud transformation maturity journey? How do you make the next move?
- The evolving role of a shared responsibility model
Cloud Transformation has been a topic of discussion for many years as organisations start to realise the benefit of moving key components of day-to-day processes from on-premise to cloud environments, whether that be applications, software programmes, data or even entire infrastructures.
The current climate and impact of COVID-19 has only heightened the realisation that accessibility is key, regardless of location, but has also emphasised how important the role of Cyber Security is when employees are working in locations that you, as an organisation, do not have control or an influence over.
The conversation touched on some key themes around the importance of cloud and the requirement for it to be omnipresent, focusing on cloud as being the most efficient way of providing security at scale, at speed and everywhere. From this the attendees began to discuss – How do we secure the cloud itself? The most important point of this was looking at how we can ensure that we are operating in the cloud with confidence.
Around the (virtual) table, discussion moved on to where each of the attendees were on their cloud transformation maturity journey and the strategic decisions behind the transformation itself. This led to attendees agreeing that moving to the cloud itself should not be a business objective but part of the overall strategy of an organisation when looking at leadership and the future agility.
Dependant on what stage someone was at within their cloud transformation journey, the conversation was very much in line with what type of value they wanted to implement and the capabilities within their organisation that they had at their disposal. If an organisation has a hybrid architecture, then how do we create compliance across environments and ensure Cyber Security is at the forefront of decision making. One organisation discussed their array of operational technology that was not currently operating in the cloud due to a variety of applications that are presently technologically incapable of the move and the issues with data confidentiality that arose from this.
Innovation in industry seemed to be a major factor in the future of Cyber Security, with new technologies or concepts, such as the impact of Industry 4.0 and the Internet of Things, being driven by the technology itself resulting in security becoming an afterthought in the process.
The conversation moved on to the role that business continuity plays and high availability, as attendees engaged in what it meant to their businesses on a commercial level if ‘something went wrong’ with accessing their cloud.
An attendee worked for a supplier for supermarkets and relayed that downtime and loss of data/connection has a huge direct impact of business profits. For example, loss of access for an hour can result in fines or empty shelves due to the repercussions on delivery times. Therefore the connectivity and integrity of the environment that an organisation builds in the cloud needs to be confidential, secure and accessible. If one of those factors is impacted, it can have a detrimental effect on the business as a whole.
Transformation projects rely on 3 key components: the people, process and technology. With regards to a cloud transformation, our attendees understood and had control of the process and technology but as with all transformation projects, the people are those that sit at the heart of success and are harder to ‘control’.
This led the attendees to question how can we create a culture of security within teams? If our organisation is moving all, or parts, of our infrastructure to the cloud, we need to ensure our employees are thinking about security throughout the journey and beyond. Transformation is never a finished project; it is an ongoing process and to change mindsets is a challenge.
Simple implementations, such as single sign on, was discussed as a way of utilising a strong central identity store and embedding security across organisations without necessarily calling it Cyber Security. Training within micro-teams was discussed to educate good practice. The common phrase of ‘security is only as strong as the weakest chain’ could not have been more relatively posed at this point, as the group looked at the role of security within day-to-day operations. If someone is technology savvy, it is widely presumed they are also security savvy. This is not always the case and the role of communications was debated across the board. Cyber Security is regularly seen as coming in at the end of a project and is projected as a hindrance to the process, which further enforced the need for a culture of Cyber Security to be embedded across all touch points in programmes and transformations.
The group finished by briefly touching on some of the impacts of COVID-19 on their organisations and the role of a remote, dispersed workforce. Factors such as ‘bring your own device’ and the management of updates has had a huge impact on Cyber Security. Not being able to regulate how often employees do updates on their devices has resulted in an abundance of challenges across the Cyber Security space for organisations.
As organisations have had to adapt to working from home environments, employees have taken upon themselves to utilise technologies that were not necessarily part of the technology environment pre-COVID, such as video conferencing platforms, which has resulted in an abundance of Shadow IT issues.
From the conversation, it was concluded that everyone is at varying stages of their Cyber Security transformations journey and as a result of the remote workforce enforced by COVID-19, Cyber Security has needed to become even more of an integral part of the strategic leadership plan to future agility and overall security. Taking this into account, the assumption that tech-savvy people are also naturally security-savvy is a dangerous one, which organisations need to face head on by including Cyber Security as a main part of any transformation process, not as an afterthought. Finally, although the cloud environment is scaling rapidly, organisations have to ensure that the security to go with this also scales in tandem and at the forefront, as without doing so there are a vast array of problems that organisations will face, many of which could be detrimental.
Check Point is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and other types of attacks.