7. Keep It Secure
Cybersecurity is no longer a layer that’s added at the end of a project. An increasingly sophisticated threat landscape and more distributed IT environments are forcing organizations to ensure that security is baked into all aspects of their Hybrid IT models, from on-premise systems to cloud applications. A secure, resilient infrastructure is vital to reduce risk and increase the reliability of mission-critical systems and applications.
Security has become the top priority for IT projects. In the next 12 months, 60% of enterprises plan to increase spending on security technologies as they try to reduce the risk of an attack that could disrupt operations and lead to significant financial loss or brand damage, according to the Computerworld Tech Forecast.
What Matters Most?
Select your most important technology project and see how your choice compares with other CIOs:
What Does Success Look Like?
Select the primary goal of your most important technology project:
- 6Cut costs
- 3Improve customer satisfaction/experience
- 2Increase productivity
- 4Generate new or increased revenue streams
- 5Maintain or improve expected service levels
- 1Meet security, privacy, or compliance goals
As the Computerworld research shows, security has become a focal point for both IT projects and business outcomes.
Rising threats have led many organizations to integrate security tightly into their overall IT strategies across all platforms and systems, and down into functions such as software development. More than half (51%) of CIOs in the 2017 State of the CIO survey said security is now an integral part of IT strategy – up from 37% in 2016. In heavily regulated industries such as healthcare and financial services, those percentages are much higher (68% and 64%, respectively).
Security Syncs Up with IT
“Security is built into every initiative and every single capability upfront. It’s not something you do at the end of a milestone,” says Cheriyan. “As you build orchestration between public, private, on-prem, and co-location facilities, security has to be an integral part of that. And when you implement new capabilities, all the different aspects of security, such as access management or vulnerability testing, need to be engineered for every new capability.”
– Simon Iddon
Group CIO, The Restaurant Group PLC
Hybrid IT can reinforce an organization’s security posture because it provides the option to calibrate your decisions and choose the best place for each piece of your data. The challenge, however, is not so much where the data is stored; it’s the added complexity of safeguarding information as it traverses on-premises, public cloud, and private-cloud environments.
“Whenever you make your environment more complex, there’s the potential for more mistakes,” says William Mayo, CIO of Broad Institute. “And ultimately that is the driving force behind dev-ops/no-ops in this whole space. As your environment gets more complex, the old ways just don’t scale.”
A comprehensive security and governance audit is a critical first step in shoring up Hybrid IT security practices. The audit should include an evaluation of all policies and user privileges, as well as of where and how data is stored throughout the organization.
End-to-end visibility will allow security teams to introduce the right mix of security layers and controls to ensure redundancies and create protections across the entire infrastructure.
Data-centric security techniques, combined with identity-based controls, are gaining traction as better ways to defend against unauthorized access to information and systems across environments. Companies are deploying advanced encryption techniques to protect data at rest, in motion, and in use across public and private clouds and enterprise systems. Identity management adds an additional layer of role-based access rights across service catalogs and enterprise directories.
For example, AmeriPride has integrated identity solutions into its security mix as it moves more applications and infrastructure to the cloud as part of its Hybrid IT transformation, according to Jeff Baken, director of infrastructure at the uniform rental and linen supply company. “We’re trying to establish more role- and profile-based solutions,” he says, “so it doesn’t matter whether users are at home, in the office, or at a plant location. We authorize access based on the user vs. where they are or what they are trying to do.”
“It doesn’t matter whether users are at home, in the office, or at a plant location. We authorize access based on the user vs. where they are or what they are trying to do.”
– Jeff Baken,
Director of Infrastructure, AmeriPride
7. The Block
6 steps to improve Hybrid IT security
6. Speed It Up
IT needs to pick up the pace.
8. Unlock the Potential
IT leaders are expecting big things from big data.
Take a Deeper Dive into Hybrid IT
The Strategic CIO’s Playbook
Create a game plan for accelerating digital transformation with the right mix of Hybrid IT.