Digital Transformation is now a business necessity, but instead of pulling together to enable necessary change, the friction between network and security teams is increasing. The business needs to move away from data centers and traditional Wide Area Networks (WANs) to take advantage of the cost, flexibility and agility provided by the stunning WANs and Defined Software (SD-WAN). Chief Information Security Officers (CISOs), especially those working in regulated industries, argue that the risks to public infrastructure are too high. stalemate.
So far. Organizations are pushing ahead with Digital Transformation plans and excluding the CISO from the conversation. But at what cost? Who is assessing the implications for regulatory compliance? At what point will the Chief Risk Officer ban the use of the SD-WAN for sensitive data, leaving the business running legacy and new infrastructure side by side, undermining the entire Digital Transformation project? A new perspective is urgently needed, one based on collaboration, understanding and recognition that Zero Trust’s security posture can protect even the most sensitive data, while unlocking all the benefits of SD-WAN.
Mar Simon Hill, Head of Law & Compliance, Certes Networks argues that it is time for CISO to take the lead in the Digital Transformation process – or risk being the other way around.
CISO must address the fact that the Digital Transformation is happening – with or without them. Organizations need to embrace the agility, flexibility and cost benefits offered by the cloud, at Software as a Service and, crucially, the transition from expensive WAN technology to SD – WAN. For CISO, while the move to SD-WAN expands the attack surface, adding an unacceptable data vulnerability, saying there is no choice anymore. There is a danger that CISO will be left out of the Digital Transformation loop – not only adding to significant corporate risk but also undermining the expected benefits of this essential investment in technology.
Network and IT teams are pushing forward, arguing that the risk is acceptable. How do they know? This is a dangerous compromise for any organization: critical risk decisions are being made by individuals who do not fully understand the full implications. For those organizations operating in regulated industries, these decisions could result in exposure to $ 10s million, even $ 100s of penalties.
Progress is also being jeopardized if security is not embedded in the initial Digital Transformation strategy. What happens when the CISO or Chief Risk Officer discovers that the business is migrating from the old WAN to the new SD-WAN environment? Suddenly the brakes are on, and sensitive data is called for encryption before it hits the network. Adding Internet Protocol Security (IPsec) tunnels will degrade performance – so the business is stuck then using the legacy WAN for data connectivity while still paying for the SD-WAN and failing any of it. get the fitness or cost benefits. More frustration. Increased friction between teams who should work together to support business goals.
Security is a fundamental part of the Digital Transformation – indeed the corporate operating strategy. Rather than avoiding change, CISOs have a responsibility not only to secure the organization but to proactively support change, with security being the key enabler of Digital Transformation.
By default, Digital Transformation does not create an inherently insecure environment – but it will require organizations to adopt the Zero Trust model, something to say. It has been clear for many years that there is no correlation between ownership and trust. Just as a company owns infrastructure and assets, complete reliance on data security does not automatically exist. Similarly, infrastructure outside the business is not fundamentally unreliable. The key is to build trust in a secure data protection overlay that will allow a business to operate across any infrastructure, whether owned or public.
SD-WAN High-Definition overlay, for example, uses crypto-partition to protect and ensure the integrity of sensitive data. With this Zero Trust approach, High Assurance SD-WAN means whether it is a public or private network, trusted or unreliable, irrelevant: the data security team only needs to define the policy and, with the ownership of the keys cryptography, it is possible to be confident that. data is always protected wherever it goes.
Adopting a Zero Trust security posture changes the outlook for CISOs – and provides a basis for critical collaboration with the networking and IT teams. With the confidence that data is secure regardless of network location, everyone involved in Digital Transformation can achieve their goals: IT and network teams can embrace the flexibility and agility of the cloud, SaaS and SD- WAN, and security staff still have control over the security posture.
This can only be achieved if the business embraces a different mindset. It is essential to think about security by design from the outset – and to break down the barriers between network, IT and security. The introduction of the Secure Access Service Edge (SASE) framework provides clear guidelines for the convergence of these teams to drive added business value but the CISO has the responsibility – and the opportunity – to ensure that the whole organization understands the Transformation objectives. Truly digital.
This also requires a necessary shift away from a security posture focused on regulatory compliance – fundamentally flawed by the impossibility of creating regulations that keep pace with the ever-changing security threats – towards a focused approach. on business. It may take a little longer to work together to plan the Digital Transformation process but it will result in a solid foundation that will remove any restrictions on innovation and agility.
It’s time for CISOs to change. There is no value in constantly blocking essential new technology projects; and no upside down to be excluded from critical plans as a result. By taking a proactive stance and driving Digital Transformation strategies, CISO can redefine the role, be a key strategic player within the business and act as an enabler, rather than a constraint, for operational success.
It’s time to find a way to secure the Digital Transformation – without compromise.
Just Say Yes – Why CISOs now have to adopt SD – WAN –
Source link Just Say Yes – Why CISOs now have to adopt SD – WAN –