6. Keep It Secure
Cybersecurity is no longer a layer that’s added at the end of a project. An increasingly sophisticated threat landscape and more distributed IT environments are forcing organisations to ensure that security is baked into all aspects of their Hybrid IT models, from on-premise systems to cloud applications. A secure, resilient infrastructure is vital to reduce risk and increase the reliability of mission-critical systems and applications.
Security has become one of the top priorities for IT projects. 88% of European CIOs said they are involved in security initiatives to a greater degree than in the past, with 64% of UK CIOs saying their security and IT strategies are tightly integrated. This trend looks set to increase over the next three years, with 66% expecting their security and IT strategies to be closely knitted together.
Although increasing cybersecurity protection is the number one IT investment priority for UK CEOs, it’s a joint-third concern for UK technology leaders, less important than improving operational efficiency and customer experience.
And according to the UK’s 2017 CIO 100 study, the top three areas of IT investment in 2018 and 2019 will be cloud capabilities (84% of CIOs), followed by data analytics (79%) and then security (73%). Security will continue to be a key focus for CIOs going forward, but they clearly have other things on their mind as well.
– Floriana Molone
Head of IT Customer Services and Deputy Director, London School of Economics
What Does Success Look Like?
Select the primary goal of your most important technology project:
- 6. Cut costs
- 3. Improve customer satisfaction/experience
- 2. Meet security, privacy, or compliance goals
- 4. Generate new or increased revenue streams
- 5. Maintain or improve expected service levels
- 1. Increase productivity
As the IDG research shows, security has become a focal point for both IT projects and business outcomes. Interestingly, though, the single most important technology projects UK IT departments are working on right now are IT/network services management (10%) and software, on-premises (10%), followed closely by security technologies (9%).
Rising threats have led many organisations to integrate security tightly into their overall IT strategies across all platforms and systems, and down into functions such as software development. 64% of CIOs in the 2018 IDG Research Survey said security is now an integral part of IT strategy – up from 37% in 2016.
Integrating IT and security strategies
“Security is built into every initiative and every single capability upfront. It’s not something you do at the end of a milestone,” says Anil Cheriyan, CIO at SunTrust Banks. “As you build orchestration between public, private, on-prem, and co-location facilities, security has to be an integral part of that. And when you implement new capabilities, all the different aspects of security, such as access management or vulnerability testing, need to be engineered for every new capability.”
– Simon Iddon
Group CIO, The Restaurant Group PLC
Hybrid IT can reinforce an organisation’s security posture because it provides the option to calibrate your decisions and choose the best place for each piece of your data. The challenge, however, is not so much where the data is stored; it’s the added complexity of safeguarding information as it traverses on-premises, public cloud, and private-cloud environments.
“Whenever you make your environment more complex, there’s the potential for more mistakes,” says William Mayo, CIO of Broad Institute. “And ultimately that is the driving force behind dev-ops/no-ops in this whole space. As your environment gets more complex, the old ways just don’t scale.”
A comprehensive security and governance audit is a critical first step in shoring up Hybrid IT security practices. The audit should include an evaluation of all policies and user privileges, as well as of where and how data is stored throughout the organisation.
End-to-end visibility will allow security teams to introduce the right mix of security layers and controls to ensure redundancies and create protections across the entire infrastructure.
Data-centric security techniques, combined with identity-based controls, are gaining traction as better ways to defend against unauthorised access to information and systems across environments. Companies are deploying advanced encryption techniques to protect data at rest, in motion, and in use across public and private clouds and enterprise systems. Identity management adds a further layer of role-based access rights across service catalogs and enterprise directories.
For example, AmeriPride has integrated identity solutions into its security mix as it moves more applications and infrastructure to the cloud as part of its Hybrid IT transformation, according to Jeff Baken, director of infrastructure at the uniform rental and linen supply company. “We’re trying to establish more role- and profile-based solutions,” he says, “so it doesn’t matter whether users are at home, in the office, or at a plant location. We authorise access based on the user vs. where they are or what they are trying to do.”
And for Jason Oliver, Director of ICT, Science Museum Group, machine learning (ML) and artificial intelligence (AI) are making a difference to their daily security operations.
“We are putting in place machine learning and artificial intelligence to help us understand what is normal within our security environment and what is happening on a day-to-day basis, primarily so it can flag abnormalities and my team can then react to them. But that’s not where the journey ends; the next step is that we then teach the ML/AI to actually respond to those threats that it sees itself, and self-heal our infrastructure, allowing our staff to concentrate on value-added tasks.”