A recent study by EY has shown that a majority of UK firms are holding off on adopting new, efficient, and cost-effective technologies such as cloud computing due to cybersecurity concerns. The report, ‘Cybersecurity for competitive advantages’, also shows that 42 per cent of the technology and business leaders feel they are behind their competitors in the adoption of new technologies.
The findings of the EY report are similar to those of our own research, commissioned in early 2019. For this report, State of Digital Transformation—EMEA 2019, Atomik Research surveyed 404 CIOs, CISOs, and heads of network architecture within UK and European enterprises with more than 3,000 employees, aiming to gain insight into the status of companies’ digital transformation efforts, as well as the challenges faced and their biggest concerns about digitisation. When asked about the biggest obstacle to digital transformation, security topped the list across the board. Eighty per cent of enterprises reported having security concerns about the way in which employees remotely accessed data and applications, with the primary focus on the use of unsecured networks (34 per cent) and unmanaged devices (21 per cent) as well as blanket access to the entire corporate network (20 per cent).
Companies embarking on digital transformation initiatives are beginning to recognise that the traditional way of providing remote access connectivity to their applications residing in the cloud or corporate networks are riddled with security risks. With the extension of the perimeter to the internet, segmentation on the application level is needed to strengthen security, as mobile employees, consultants, and third parties require access to certain applications.
Both reports demonstrate the need for companies to think differently about security as they move applications and infrastructure to the cloud. While it’s great to see that respondents of both surveys believe digital transformation to be an important business initiative, it’s disappointing to see that they do not see cybersecurity as an essential component of such a transformation. In the EY report, Mike Maddison, advisory cybersecurity leader for EY Europe, said: “According to our survey, more than half (57 per cent) of organisations do not have a board member with direct expertise in cybersecurity, and nearly two-thirds (67 per cent) do not think one is needed.”
Keeping network performance in mind
Our own report showed that digital transformation remains an IT decision predominantly, but that business decision-makers are increasingly playing a role. Indeed, CIOs (54 per cent) and chief digital officers (47 per cent) are driving digital transformation, while just under a fifth of businesses (18 per cent) claim their CEOS are pushing for or owning digital transformation. And with good reason: the top reasons for digital transformation were nearly equally distributed among flexibility for employees, a new business strategy to focus on core competencies, improved profit margins, and increased cost savings.
However, while this enthusiasm is encouraging, companies have to consider the effect that application transformation has on their network performance and bandwidth consumption, as well as the latency added by hub-and-spoke architectures from the outset. Moving applications to the cloud needs to be considered alongside new network infrastructure and security requirements. And this is where the report did not identify consistent findings in line with a strategic approach to digital transformation, as only nine per cent of companies surveyed consider application, network, and security transformation of equal importance.
Companies that do not consider how moving applications to the cloud will impact their network performance and bandwidth consumption are setting up their users for latency and a poor experience. This is especially true for those that do not transform security and, instead, opt to retain their legacy systems in the data centre and regional hubs. That’s because 10 years ago, approximately 10 per cent of an enterprise’s traffic was destined for the internet. Now, up to 90 per cent of network traffic breaks out to the internet, which necessitates a major shift in bandwidth requirements and a change in security infrastructure.
Putting security front and centre
Forcing internet- and cloud-bound traffic through regional hubs to apply security controls negates many of the benefits of moving apps to the cloud in the first place. The productivity and collaboration enabled by Office 365 are severely hampered by latency, and the ability to scale quickly is severely limited.
As companies plan their cloud transformation, they should make security a key part of the discussion. In the past, security was often a roadblock to the adoption of new technologies, but today, security can be an enabler of the move to the cloud. By decoupling security from the network in favour of security that protects users and data regardless of network, organisations can provide the seamless access to applications and services users need. Put simply, as applications move to the cloud, security needs to move there as well.
As Mike Maddison from EY added: “Business leaders need to make the leap from seeing cybersecurity as only a protective measure, to it also being a strategic value driver.”
Nathan Howe, Director of Transformation Strategy, Zscaler