7. Keep It Secure

Cybersecurity is no longer a layer that’s added at the end of a project. An increasingly sophisticated threat landscape and more distributed IT environments are forcing organizations to ensure that security is baked into all aspects of their Hybrid IT models, from on-premises systems to cloud applications. A secure, resilient infrastructure is vital to reduce risk and increase the reliability of mission-critical systems and applications.

Security has become the top priority for IT projects. In the next 12 months, 60% of enterprises plan to increase spending on security technologies as they try to reduce the risk of an attack that could disrupt operations and lead to significant financial loss or brand damage, according to the Computerworld Tech Forecast.

What Matters Most to CIOs?

Select your most important technology project and see how your choice compares with other CIOs:

#1 Security technologies
#2 Legacy systems modernization/replacement
#3 On-premises software
#4 Data analytics
#5 SaaS
#6 Application development/upgrade/replacement
#7 Data center consolidation/optimization
#8 Private cloud computing

What Does Success Look Like?

Select the primary goal of your most important technology project:

  • #6 Cut costs
  • #3 Improve customer satisfaction/experience
  • #2 Increase productivity
  • #4 Generate new or increased revenue streams
  • #5 Maintain or improve expected service levels
  • #1 Meet security, privacy, or compliance goals

As the Computerworld research shows, security has become a focal point for both IT projects and business outcomes.

Rising threats have led many organizations to integrate security tightly into their overall IT strategies across all platforms and systems, and down into functions such as software development. More than half (51%) of CIOs in the 2017 State of the CIO survey said security is now an integral part of IT strategy – up from 37% in 2016. In heavily regulated industries such as healthcare and financial services, those percentages are much higher (68% and 64%, respectively).

Security Syncs Up with IT

[Chart: how CIOs describe their IT security strategy. Categories: IT security strategy is an integral part of our overall IT strategy; IT security strategy is loosely incorporated into our overall IT strategy; IT security investments are typically reactive in response to IT security challenges or events. Values shown: 36%, 12%, 51%.]

“Security is built into every initiative and every single capability upfront. It’s not something you do at the end of a milestone,” says Cheriyan. “As you build orchestration between public, private, on-prem, and co-location facilities, security has to be an integral part of that. And when you implement new capabilities, all the different aspects of security, such as access management or vulnerability testing, need to be engineered for every new capability.”

“To me, security is same stuff as normal projects, they absolutely go hand-in-hand. I don't think there's any project you do where you don't have any security considerations.”

– Simon Iddon
Group CIO, The Restaurant Group PLC

Hybrid IT can reinforce an organization’s security posture because it provides the option to calibrate your decisions and choose the best place for each piece of your data. The challenge, however, is not so much where the data is stored; it’s the added complexity of safeguarding information as it traverses on-premises, public cloud, and private-cloud environments.

“Whenever you make your environment more complex, there’s the potential for more mistakes,” says William Mayo, CIO of Broad Institute. “And ultimately that is the driving force behind dev-ops/no-ops in this whole space. As your environment gets more complex, the old ways just don’t scale.”

A comprehensive security and governance audit is a critical first step in shoring up Hybrid IT security practices. The audit should include an evaluation of all policies and user privileges, as well as of where and how data is stored throughout the organization.

End-to-end visibility will allow security teams to introduce the right mix of security layers and controls to ensure redundancies and create protections across the entire infrastructure.

Data-centric security techniques, combined with identity-based controls, are gaining traction as better ways to defend against unauthorized access to information and systems across environments. Companies are deploying advanced encryption techniques to protect data at rest, in motion, and in use across public and private clouds and enterprise systems. Identity management adds a further layer of role-based access rights across service catalogs and enterprise directories.

For example, AmeriPride has integrated identity solutions into its security mix as it moves more applications and infrastructure to the cloud as part of its Hybrid IT transformation, according to Jeff Baken, director of infrastructure at the uniform rental and linen supply company. “We’re trying to establish more role- and profile-based solutions,” he says, “so it doesn’t matter whether users are at home, in the office, or at a plant location. We authorize access based on the user vs. where they are or what they are trying to do.”

Key Play

7. The Block

6 steps to improve Hybrid IT security
1. Introduce security into the software development lifecycle to improve security and reduce the cost of vulnerability fixes.
2. Build a data-centric approach to security, with encryption at the core.
3. Deploy to a dynamically hardened infrastructure to reduce risk on virtualized data center traffic.
4. Implement a shared access-management solution that integrates cloud-based identities with corporate identity directories.
5. Proactively monitor, detect, and respond to security threats.
6. Integrate security policies across cloud and on-premises infrastructure to maintain continuous regulatory compliance.
