By Drew Del Matto, Chief Financial Officer, Fortinet
Cybersecurity is at a critical tipping point. With massive volumes of data being generated and analyzed across the globe every day from a variety of sources and devices, an entirely new approach to network security is required. From both a business and a technology perspective, traditional security paradigms are struggling to be agile and fast enough to move at the speed required in this new world. How do companies successfully lead in a world that is being transformed by technology and the utilization of valuable data? The linchpin to success going forward will be a business’s ability to flexibly secure its sensitive data and create digital trust with its customers and ecosystem.
Data is the fuel for the digital economy
The Internet of Things (IoT), heterogeneous data models, mobility, cloud solutions, and analytical tools are driving the inexorable proliferation of data. Tremendous value and competitive edge are created through the effective use of data, and businesses across all industries are using it to transform themselves and generate net new revenue streams. Data has become the fuel of the next-generation business economy. We see examples of this every day.
Some of the most established industries, like healthcare, are now more data-driven than ever. Doctors have always used data to evaluate their patient’s condition, but that data used to be stored on paper and film. Now it’s more available; physicians can instantly share files, images and video with colleagues anywhere in the world, making doctors and the entire medical profession more productive and no longer bound by time or distance. Data can be correlated in ways never possible before, leading to a more proactive diagnosis and treatment. And data accessibility has the added benefit of allowing patients to be more engaged in their own care.
Data is disrupting businesses as well. Uber is the world’s largest point-to-point passenger service without owning a single car. AirBnB is one of the fastest-growing hospitality services without owning a single piece of property.
Companies like Google and Facebook are using consumer data to create new revenue streams and deliver better customer experiences. Data has become an invaluable currency, and businesses depend on it to fuel growth and innovation.
Data drives value creation and productivity
A recent report by McKinsey Global Institute (MGI), titled Digital Globalization: The New Era of Global Flows, found that the flow of data between countries has brought the world closer together and made us all more productive. Global flows of all types (goods, services, finance, people) drive growth by connecting economies. According to MGI’s analysis, “over a decade, all types of flows acting together have raised world GDP by 10.1 percent over what would have resulted in a world without any cross-border flows. This value amounted to some $7.8 trillion in 2014 alone, and data flows account for $2.8 trillion of this impact.”
The reality is that in order for data to fuel and transform businesses, information technology and security are the essential underpinnings to its ultimate value creation. Technology makes it possible to correlate, analyze and draw conclusions from data in ways never seen before. Every industry is looking for ways to monetize the data they uniquely own or can gather. Organizations must monetize data or they will be left behind.
IDC published its 2017 IT industry predictions, highlighting the accelerated transformation to a digital, data-driven economy. Some predictions include:
- By the end of 2017, revenue growth from information-based products will be double that of the rest of the product/service portfolio for one-third of all Fortune 500 companies. (IDC FutureScape: Worldwide Digital Transformation 2017 Predictions)
- By 2019, 40 percent of IT projects will create new digital services and revenue streams that monetize data. (IDC FutureScape: Worldwide CIO Agenda 2017 Predictions)
- By 2020, 50 percent of the Forbes Global 2000 (the world’s largest public companies) will see the majority of their business depend on their ability to create digitally-enhanced products, services, and experiences. (IDC FutureScape: Worldwide IT Industry 2017 Predictions)Clearly, the transformative potential of data is huge. Unfortunately, criminals see the value in data as well.
Cybersecurity in a data-driven world
Business priorities around cybersecurity have evolved in recent years to account for the changing threat landscape brought on by the increasing value of digital data. 2014 was dubbed the Year of the Breach, with sophisticated, targeted mega-breaches of customer and employee data at places like Target, Sony, eBay, and Home Depot grabbing the biggest headlines. The following year saw the rise of stewardship and the role of the CISO, with business leaders responding in droves to the increasing threat and instituting new security policies and resources to protect their businesses from data theft. Bad actors got more creative and found new targets. Witness the massive data breach at the U.S. Office of Personnel Management (OPM), where background investigation records of more than 20 million current, former and prospective federal employees and contractors were stolen.
As cyber-attacks worldwide increased in frequency and sophistication in 2016, the demand for highly skilled security talent also increased. The result was an exacerbation of the already troubling cybersecurity talent shortage, estimated to be as high as one million open jobs. Organizations that recognize a need to build cybersecurity teams, and are prepared to spend the money to do so, are struggling to find the expertise to fill those roles. And now, as data is becoming exponentially more critical to future growth and innovation, the ante is going up again.
The trust side of the data coin
In this world where data is king, just as important as an organization’s ability to use its data is its ability to protect it. Businesses experience value through additional or new revenue, lower costs or faster time-to-market. Customers experience value through new or better experiences, greater convenience, and lower cost.
But in order for data to flow freely, and for companies to use that data successfully, it must be protected, and the company must be trusted. The more individuals believe that businesses will protect their data and use it for good, the more willing they are to provide it. The key to success in the digital economy is trust. Lose that trust, and the impact to your business can be crippling.
Building secured business offerings create a trusted brand. Designing and building an architecture that is strong across the value chain ultimately creates digital trust.
This requires a shift in the approach to security, from reactive to proactive. Security is a business issue first. This includes not only an appropriate investment in technology and architecture, but it requires starting with the mindset that security is paramount. If your security strategy is not integrated into your business priorities and initiatives right from the start, it will not serve the business well and will constantly struggle to keep up.
The reality is that cybersecurity is a business-wide issue and opportunity. And while the CISO is the quarterback, cybersecurity as a core behavior needs to permeate every function and all levels of an organization.
The CISO’s challenge
The role of the CISO is changing. What began as a technologist or compliance expert role must now be a business leadership role first. CISOs must drive the shift in approach to cybersecurity to ensure that valuable data remains protected.
With the rise of the cloud and the growth of shadow IT, businesses often don’t even know where they are vulnerable, where all of their data I, and if it is being protected. As new threats to our information security have emerged over the years, the result for most businesses has been siloed solutions. This endless cycle of “see a vulnerability, buy a solution to address it” results in a patchwork of products and capabilities that don’t talk to each other or coordinate any kind of policy or response. This type of security infrastructure is complex and difficult to manage and does nothing to help the business to keep up with the ever-evolving cyber threat landscape. Security, in this model, becomes an inhibitor, not an enabler.
In order to succeed, CISOs must evolve their approaches across people, process and technology. Security must be embedded in the culture and made a priority for all members of the organization. Each individual must feel a sense of ownership and pride in securing the company’s most important assets, and it must start at the top. It is also critical to invest in attracting, developing and retaining the right talent to ensure that the organization remains secure.
Creating and instituting the right processes spans taking a regular assessment of all assets (you can’t protect it if you can’t see it) to regularly and proactively implementing fixes for “known” vulnerabilities or threats across the organization. According to a recent report by AT&T, 90 percent of the attacks they log are known attacks or their variants – not zero-day attacks. Security risk also needs to be evaluated and planned for in key business initiatives from the start – CISOs are uniquely positioned to play this role by effectively translating security requirements and capabilities into the language of business.
Lastly, CISOs must take an architectural approach to security. That doesn’t necessarily mean scrapping everything and starting over. The reality is most organizations already have many different security devices, often from many different vendors. Deploying a truly integrated security fabric will let businesses maximize existing investments by pulling all of the discrete solutions together. The result is a collaborative system of tools that work together to monitor the network, share information and respond to threats, no matter where they occur. A truly integrated fabric also gives you visibility across your entire network, from endpoint devices through to the cloud.
At a time when our networks are under constant attack, visibility and end-to-end protection are critical. With increased network complexity and attacks becoming more sophisticated and targeted, an integrated security strategy is the only way to ensure that organizations achieve the digital trust required to fuel the data of today’s global businesses.
About the Author
Drew Del Matto brings more than 20 years of financial management experience and expertise in the network security market. Prior to joining Fortinet, Drew held a variety of senior management roles at Symantec including an acting chief financial officer, as well as senior vice president and chief accounting officer. Drew also served as Symantec’s corporate treasurer and vice president of finance business operations, responsible for all treasury functions, various aspects of mergers & acquisitions, pricing and licensing financial planning and analysis, and revenue operations. Prior to Symantec, Drew held senior finance leadership roles with Inktomi Corporation and SGI Corporation. He began his career as a CPA in public accounting with KPMG LLP.