CISO Magazine by Jason Bloomberg, President, Intellyx
There is a dark underbelly to digital transformation-driven customer value, however: cybersecurity risk. The more technology-centric our organizations become and the faster they go, the greater the chance that a hacker will find that one vulnerability that will suck away all that hard-earned customer value.
The downside of cybersecurity risk certainly garners more headlines than the upside of digital efforts to be sure – and an increasing number of executives are realizing that they must address both together.
The inevitable conclusion: how organizations deal with cybersecurity risk must also transform. They cannot simply keep dealing with such risks as they have in the past.
The Transformation of Cybersecurity
Just as digital transformation requires breaking down organizational silos, so too with cybersecurity. “Security needs to be part of everyone’s job,” explains Fraser Scott, Cloud Security & DevSecOps at Capital One. “Security being a constant blocker just won’t scale. Either that or you end up with shadow IT.”
Traditional IT shops relegate ‘information security,’ or InfoSec, to a separate department. Developers must then run their code by InfoSec for approval. This state of affairs slows application development (‘appdev’) down and creates an adversarial relationship between the appdev and InfoSec teams.
From the perspective of modern appdev, such blocking both impacts customer value and also doesn’t serve the goals of cybersecurity. “The problem for the security person who is used to turning around security reviews in a month or two weeks is they’re just being shoved out of the game,” says Gene Kim, DevOps thought leader and co-author of The Phoenix Project. “There’s no way with how InfoSec is currently configured that they can keep up with that. So, InfoSec gets all the complaints about being marginalized and getting in the way of doing what needs to be done.”
Large enterprises are clearly understanding this transformation within the cybersecurity ranks. “In order for InfoSec and agile to be effective in an organization, you can’t have it locked up with a few people or a few departments that are narrowly looking at their portfolio of work,” says Julie Tsai, director of engineering in information security at Walmart Global eCommerce.