NC Sep-Oct 2022
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
FEATURE: WAN PERFORMA<strong>NC</strong>E<br />
WHY CISOs MUST NOW EMBRACE SD-WAN<br />
SIMON HILL, HEAD OF LEGAL & COMPLIA<strong>NC</strong>E AT CERTES NETWORKS INSISTS THAT<br />
IT’S TIME FOR CISOs TO TAKE A LEAD ROLE IN THE DIGITAL TRANSFORMATION<br />
PROCESS - OR RISK BEING SIDELINED FOR GOOD<br />
Digital transformation has become a<br />
business imperative, yet rather than<br />
pulling together to enable essential<br />
change, the friction between network and<br />
security teams is increasing. The business<br />
needs to move away from data centres and<br />
traditional Wide Area Networks (WAN) to<br />
exploit the cost, flexibility and agility<br />
provided by the cloud and Software Defined<br />
WANs (SD-WAN). Chief Information<br />
Security Officers (CISOs), especially those<br />
working in regulated industries, insist the<br />
risks associated with public infrastructure<br />
are too high. Stalemate.<br />
Until now. Organisations are pressing<br />
ahead with digital transformation plans<br />
and excluding the CISO from the<br />
conversation. But at what cost? Who is<br />
assessing the implications for regulatory<br />
compliance? At what point will the Chief<br />
Risk Officer prohibit the use of the SD-<br />
WAN for sensitive data, leaving the<br />
business running legacy and new<br />
infrastructure side by side, fundamentally<br />
undermining the entire digital<br />
transformation project?<br />
A new attitude is urgently required, one<br />
based on collaboration, understanding<br />
and a recognition that a Zero Trust security<br />
posture can safeguard even the most<br />
sensitive data, while unlocking all the<br />
benefits associated with SD-WAN.<br />
ACCEPT CHANGE<br />
CISOs need to face up to the fact that<br />
digital transformation is happening - with<br />
or without them. Organisations need to<br />
embrace the agility, flexibility and cost<br />
benefits offered by the cloud, by Softwareas-a-Service<br />
and, critically, the shift from<br />
expensive WAN technology to SD-WAN.<br />
For CISOs, while the migration to SD-<br />
WAN extends the attack surface, adding<br />
unacceptable data vulnerability, saying no<br />
is not an option any more. CISOs risk<br />
being left out of the digital transformation<br />
loop - and that is not only adding<br />
significant corporate risk but also<br />
compromising the expected benefits of this<br />
essential technology investment.<br />
Network and IT teams are pressing<br />
ahead, insisting the risk is acceptable.<br />
How do they know? For any organisation,<br />
this is a dangerous compromise: critical<br />
risk decisions are being taken by<br />
individuals who have no understanding of<br />
the full implications. For those<br />
organisations operating in regulated<br />
industries, these decisions could result in<br />
an exposure to $10s millions, even $100s<br />
millions of penalties.<br />
Failure to embed security within the initial<br />
digital transformation strategy is also<br />
compromising progress. What happens<br />
when the CISO or Chief Risk Officer<br />
discovers the business is in the process of<br />
migrating from the old WAN to a new SD-<br />
WAN environment? Suddenly the brakes<br />
are on, and the call is for sensitive data to<br />
be encrypted before it hits the network.<br />
Adding Internet Protocol Security (IPsec)<br />
tunnels will degrade performance - so the<br />
business is then stuck using the legacy<br />
WAN for data connectivity while still<br />
paying for the SD-WAN and failing to gain<br />
any of the agility or cost benefits. More<br />
frustration and friction between teams that<br />
should be working together to support<br />
business goals.<br />
DRIVE CHANGE<br />
Security is a fundamental component of<br />
digital transformation - indeed of<br />
corporate operating strategy. Rather than<br />
avoiding change, CISOs have a<br />
responsibility not only to secure the<br />
organisation but to proactively advocate<br />
change, with security as the key enabler of<br />
digital transformation.<br />
20 NETWORKcomputing AUGUST/SEPTEMBER <strong>2022</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK