For those organizations who began 2020 with only long-term plans for migration to the cloud, the closure of UK Ltd and UK plc almost overnight, came as an almighty shock. Time to think and put in place a watertight digitization strategy became a luxury that could no longer be afforded as organizations scrambled to act rapidly to world events.
The sudden and massive shift to remote working accelerated cloud migration for 76 percent senior executives worldwide surveyed in Radware’s latest C-Suite Perspectives report. However, such rapid digital transformation didn’t come without its challenges, and the haste with which organizations have migrated has created security gaps in their infrastructure. Lack of understanding of the threat landscape and the perceived security that public cloud vendors provide has resulted in 40 percent of senior execs seeing increased cyber security attacks during the pandemic.
It’s pretty clear that for now at least, the need to continue with home working or a hybrid model is here to stay unless the world tilts back on its pre-COVID axis. But even then, the vast majority (83 percent) of C-level executives expect the changes they made in the areas of people, processes and applications to become significantly or partially permanent, and 80 percent of leaders expect a quarter of employees to stay working from home in future.
The transition to remote work and new online contactless business models is not temporary and is affecting the future strategy of how organizations invest in cybersecurity. Normally, businesses would make this shift over an extended period of time – but this has contracted enormously – before the pandemic, digital transformation was a long-term strategic goal for most businesses. On-demand content consumption, contactless payments, home delivery, and remote workforces are now business imperatives and executives must revisit what they’ve implemented to ensure that a lack of cybersecurity planning does not undermine their goals. For that reason, reverse engineering the gaps in their network security is now mandatory as they spend 2021 mending holes in their fences ready for what’s to come next.
Investment in technology
Between March and September 2020, organizations have largely been consumed with keeping afloat and steadying the ship with senior executives quickly identifying operational efficiencies to control costs and continue to support customers, suppliers and employees. The biggest focus has been in optimizing capex/opex models, reducing or furloughing the workforce, cutting back on office space or property assets and moving to remote working and the cloud.
However, there is an acknowledgment that investing in IT infrastructure is where redeployment of investment should be to bring about a growth in market share and create new sources of revenue, whilst also reducing operational expenses. The unexpected business transformation has brought about some long-term benefits aided by digitization and it’s not gone unnoticed. C-Suite execs report that employee productivity has significantly improved as work-life balance has been redressed leading to a greater retention of workers who are enjoying the flexibility of working from anywhere. It’s also true that geography has taken second place to hiring the best candidate for the job, with skills being the most important criteria going forward aided by having a much wider geographic pool of potential people to choose from.
Mending security fences
With renewed focus on technology to bring about the changes needed, it’s crucial that organizations recognize that infrastructure must be secure. Our new office environment is anywhere we can find a connection to Wi-Fi, and that opens many more doors to cyber-attacks. The rapid shift in business operations significantly impacted the cyberthreat landscape - as companies fast-tracked the migration of digital assets to the cloud, they also inadvertently increased the attack surfaces from which hackers can try to gain access to their data and applications.
C-suite executives are moving quickly with network plans to support exploding customer and supplier demand for contactless interactions and the unplanned need to connect a remote workforce, yet they are also aware that they are not fully prepared to adequately protect their organizations from unknown threats.
The situation is further compounded by the cloud shared responsibility model, which says that cloud service providers are responsible for the security of the cloud while customers are responsible for securing the data they put into the cloud. Many organizations rely on their third-party providers to certify security management services, but the decentralized nature of this model can add complexity to how applications and computing resources are secured. Organizations can’t simply move their critical business infrastructure and applications to the public cloud and assume that the hosting partner will take care of security. Cloud providers typically deliver the same standardized security across their customer base, essentially a “tick box level” offering that meets basic requirements but does not meet the individual needs of a specific organization. This depends on the nature of the application and the organization’s readiness to move to the cloud as is or needing to be transformed into a cloud-native architecture. Organizations may assume that cloud providers are securing their digital assets without realizing how many gaps exist in the broadened attack surface.
Cybersecurity is a key business driver that senior managers know must be incorporated into strategic planning at the highest levels. As the volume and sophistication of cyberattacks continue their relentless pace, they will seek ways to automate detection and mitigation because unresolved security incidents will compound and be disastrous for companies already dealing with issues related to the pandemic.
The road ahead
What has the pandemic taught us about future-proofing businesses? It globally affected nearly every aspect of an organization in a concentrated amount of time and organizations that had strong disaster plans and an agile IT infrastructure already in place fared better than those that did not. To better position their companies against continuing disruptions, C-suite executives have, and continue to sharpen their focus on strategies that build resiliency.
Throughout the next two years they will continue to shift to the cloud and increase their investments in IT infrastructure and applications, in addition to machine learning, AI and automation. This will create more agility and efficiency in business operations and provide a better digital experience for consumers. These changes will require a powerful, complex security posture that is both agile enough to evolve at the speed of business and robust enough to ensure protection against a rapidly expanding threat landscape that specifically targets the cloud. Adopting and fine-tuning a rapid and secure roadmap for migration to the cloud will future proof the organization and help it navigate the road ahead – no matter how bumpy that may turn out to be.
Rob Hartley, Managing Director for EMEA and LTAM, Radware