Rethinking Secure Technical Innovation to Enable Successful Business Outcomes
Over the past 25 years I have been employed in the technology field, my non-technical friends often ask me, “How do you keep up with technology as things change so quickly?” I argue that change isn’t as dramatic as they might think. For the most part, we do old things in new ways and rarely new things in new ways.
Fundamental technical principles can be applied to supposedly “new” technologies. IT professionals tend to function day to day, managing mundane tasks such as patching of systems and dealing with the latest virus and ransomware outbreaks. IT teams strive, with limited budgets and staff to satisfy regulators and auditors, to show they have an action plan to resolve violations. Often, many of the gaps remain and IT managers must instead apply for exceptions to postpone the cost of having to address technical exposures.
How can IT professionals keep up with the daily grind of keeping IT operations afloat while also enabling the business to meet desired objectives? How can IT teams keep organizations secure without hindering innovation?
Prioritize strategic activities
A first step is to find more efficient ways to keep up with day-to-day tasks so you can step back and look at the bigger picture. I realize this is easier said than done. According to the Cisco 2018 Annual Cybersecurity Report, two of the top three challenges faced by security professionals are lack of budget and lack of trained personnel. On top of that, IT talent ends up doing tasks that a machine could do instead, rather than focusing on more strategic initiatives. Society long-ago evolved from agricultural subsistence to industrial and technical revolutions – IT teams can similarly move up their own evolutionary ladder again by increasing the amount of time spent on innovation and more strategic tasks instead of the daily grind of trying to keep up with maintaining IT systems and networks.
Encourage your teams to think beyond their day-to-day tasks:
- What can they do that goes beyond the basic system maintenance, patching and other tasks?
- Should traditional security practices be revamped? Even if they are functional, are they optimized? Can they be made more efficient?
- Can admins do more than continuing maintenance of quality of service, or dealing with a Domain Name Server namespace issues or trying to fix firewall rules?
- Are your organization’s security practices still adequate to protect the needs of the business?
- Is there value in traditional vulnerability scanning and penetration testing of cloud microservices vs. traditional web applications?
- Will traditional network segmentation approaches protect the organization’s cloud container environments?
- Will next generation firewalls offer protection from lateral container-to-container microservices application traffic?
- Are Agile applications using DevOps coded and tested properly for potential security vulnerabilities?
Your IT organization can practice taking a strategic approach and make incremental improvements by tackling questions like these. For organizations looking to gain a broader insight and rebalancing of their tactical vs. strategic focus, consider working with Cisco Security Services experts. Cisco Security Advisory Services such as security strategy and architecture, datacenter design, cloud advisory and software defined advisory services can help you accelerate your movement to a more strategic organization.
Incorporate Technical Innovation
In addition, there are really great technical innovations that can help an organization to bring technical staff up the food chain from having to deal with the daily mundane grind:
- Intent-based networking built on Cisco DNA
By abstracting network complexities from the administrator through automation using Software-Defined Access and providing insight into how the network can be improved, technical staff can now finally move away from daily mundane tasks and help business innovate. SD-Access will secure users, devices and applications with identity-based policy, regardless of location and enable a consistent user experience anywhere with insights and analytics into user and application behavior. - Tetration
Technologies such as Tetration will allow visibility into which applications “talk” to other applications so when system changes are made the applications still work as intended. - Application Centric Infrastructure
Through the use of an Application Centric Infrastructure (ACI), policies are used to enable secure and effective application deployment and abstract the complexities from the administrator. Automation can facilitate innovation. - Cloud
The market is moving away from pure virtual machines which are tied to specific operating systems to container technology which provides more flexibility. East-west traffic is more prevalent than ever before and requires visibility to be able to see malicious traffic in the cloud. Micro-, and now moving to Nano-, segmentation will help provide protection at the application layer in cloud container environments.
Furthermore, container firewalls such as Docker will provide protection along with next generation firewall perimeter protection. Availability and load-balancing in the cloud container environments through Cisco’s partnership with Google and Kubernetes technology will allow companies to maintain high availability and redundancy.
The world is changing and it’s changing fast. Narrow focus on mundane tasks and keeping auditors and regulators happy will only get your organization so far. In order to innovate and support new business initiatives, your organization needs to move quickly and securely through technical innovation to enable secure business outcomes. This is critical now than ever before as we are doing old things in new ways – and even more critical as you look to do new things in new ways.
If you are looking to accelerate your pace to a more strategically-oriented IT organization, consider engaging Cisco Security Services experts. Our innovation, expertise and services quality, coupled with advanced analytics, automation and security, help you bridge the talent gap, manage risk, deliver excellence, and stay ahead of the pace of change.
Thanks for the Blog. Lots of food for thought – and, as mentioned having a sound working knowledge of Networking foundations are still required in order to be built on and enhanced.