NC Sep-Oct 2022

More documents

Recommendations

Info

FEATURE: WAN PERFORMANCE WHY CISOs MUST NOW EMBRACE SD-WAN SIMON HILL, HEAD OF LEGAL & COMPLIANCE AT CERTES NETWORKS INSISTS THAT IT’S TIME FOR CISOs TO TAKE A LEAD ROLE IN THE DIGITAL TRANSFORMATION PROCESS - OR RISK BEING SIDELINED FOR GOOD Digital transformation has become a business imperative, yet rather than pulling together to enable essential change, the friction between network and security teams is increasing. The business needs to move away from data centres and traditional Wide Area Networks (WAN) to exploit the cost, flexibility and agility provided by the cloud and Software Defined WANs (SD-WAN). Chief Information Security Officers (CISOs), especially those working in regulated industries, insist the risks associated with public infrastructure are too high. Stalemate. Until now. Organisations are pressing ahead with digital transformation plans and excluding the CISO from the conversation. But at what cost? Who is assessing the implications for regulatory compliance? At what point will the Chief Risk Officer prohibit the use of the SD- WAN for sensitive data, leaving the business running legacy and new infrastructure side by side, fundamentally undermining the entire digital transformation project? A new attitude is urgently required, one based on collaboration, understanding and a recognition that a Zero Trust security posture can safeguard even the most sensitive data, while unlocking all the benefits associated with SD-WAN. ACCEPT CHANGE CISOs need to face up to the fact that digital transformation is happening - with or without them. Organisations need to embrace the agility, flexibility and cost benefits offered by the cloud, by Softwareas-a-Service and, critically, the shift from expensive WAN technology to SD-WAN. For CISOs, while the migration to SD- WAN extends the attack surface, adding unacceptable data vulnerability, saying no is not an option any more. CISOs risk being left out of the digital transformation loop - and that is not only adding significant corporate risk but also compromising the expected benefits of this essential technology investment. Network and IT teams are pressing ahead, insisting the risk is acceptable. How do they know? For any organisation, this is a dangerous compromise: critical risk decisions are being taken by individuals who have no understanding of the full implications. For those organisations operating in regulated industries, these decisions could result in an exposure to $10s millions, even $100s millions of penalties. Failure to embed security within the initial digital transformation strategy is also compromising progress. What happens when the CISO or Chief Risk Officer discovers the business is in the process of migrating from the old WAN to a new SD- WAN environment? Suddenly the brakes are on, and the call is for sensitive data to be encrypted before it hits the network. Adding Internet Protocol Security (IPsec) tunnels will degrade performance - so the business is then stuck using the legacy WAN for data connectivity while still paying for the SD-WAN and failing to gain any of the agility or cost benefits. More frustration and friction between teams that should be working together to support business goals. DRIVE CHANGE Security is a fundamental component of digital transformation - indeed of corporate operating strategy. Rather than avoiding change, CISOs have a responsibility not only to secure the organisation but to proactively advocate change, with security as the key enabler of digital transformation. 20 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards WWW.NETWORKCOMPUTING.CO.UK
FEATURE: WAN PERFORMANCE Digital transformation does not by default create an inherently insecure environment - but it will require organisations to, somewhat belatedly, embrace a Zero Trust model. It has been clear for many years that there is no correlation between ownership and trust. Just because a company owns infrastructure and assets does not automatically infer total trust over data security. Similarly, infrastructure outside the business is not inherently untrustworthy. The key is to build trust into a secure overlay to protect data that will allow a business to operate across any infrastructure, whether it is owned or public. A High Assurance SD-WAN overlay, for example, uses crypto-segmentation to protect and ensure the integrity of sensitive data. With this Zero Trust approach, High Assurance SD-WAN means whether the network is public or private, trusted or untrusted, is irrelevant: the data security team simply needs to define the policy and, with ownership of the cryptography keys, can be confident that data is protected at all times wherever it goes. WORKING TOGETHER Adopting a Zero Trust security posture changes the outlook for CISOs - and provides a foundation for vital collaboration with the networking and IT teams. With confidence that the data is secure regardless of network location, everyone involved in digital transformation can achieve their goals: IT and network teams can embrace the flexibility and agility of the cloud, SaaS and SD-WAN, while the security team still has control of the security posture. This can only be achieved if the business embraces a different mindset. It is essential to think about security by design from the outset - and to break down the barriers between network, IT and security. The introduction of the Secure Access Service Edge (SASE) framework provides clear guidelines for the convergence of these teams to drive additional business value but the onus - and opportunity - lies with the CISO to ensure the entire organisation truly understands the digital transformation objectives. This also demands an essential shift away from a regulatory compliance focused security posture - something that is inherently flawed due to the impossibility of creating regulations that keep up with the ever changing security threats - towards a truly business driven approach. Working together to plan the digital transformation process may take a little more time up front but it will result in a secure foundation that will remove any constraints to innovation and agility. CONCLUSION It is time for CISOs to change. There is no value in endlessly blocking essential new technology projects; and no upside in being excluded from vital plans as a result. By taking a proactive stance and driving digital transformation strategies, CISOs can redefine the role, become a key strategic player within the business and act as an enabler, rather than a constraint, to operational success. It is time to find a way to say yes to secure digital transformation - without compromise. NC WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards AUGUST/SEPTEMBER 2022 NETWORKcomputing 21
Page 1 and 2: NETWORKcomputing I N F O R M A T I
Page 3 and 4: COMMENT COMMENT WHEN IT RAINS, IT P
Page 6 and 7: INDUSTRY NEWS NEWSNEWS NEWS NEWS NE
Page 8 and 9: OPINION: ZERO TRUST A QUESTION OF T
Page 10: PRODUCT REVIEW NetAlly EtherScope E
Page 13 and 14: PRODUCT REVIEW Progress Flowmon Col
Page 15 and 16: OPINON: NETWORK DOWNTIME DOWNTIME D
Page 17 and 18: SECURITY UPDATE (NCSC) Zero Trust d
Page 19: SECURITY UPDATE now to reduce their
Page 23 and 24: EVENT ORGANISERS: Do you have somet
Page 25 and 26: FEATURE: WAN PERFORMANCE cable TV a
Page 27 and 28: OPINION: IOT outcomes and efficienc
Page 29 and 30: AWARDS 2022 NETWORK INFRASTRUCTURE
Page 31 and 32: AWARDS 2022 EDUCATION & TRAINING PR
Page 33 and 34: AWARDS 2022 CLOUD BASED SOLUTION OF
Page 36: On-Prem Cloud Success Stories IDC I

NC Sep-Oct 2022

Create successful ePaper yourself

Delete template?

Save as template?