IDC predicts that global spend on digital transformation projects will reach $6.8 trillion between 2020 and 2023 – an amalgamated figure which tells us very little about the commitments of individual organisations. This dollar figure is made up of hundreds of thousands of projects, which are taking place in the majority of organisations around the world. Recent research by cloud security company Netskope and Censuswide found that 87% of organisations with more than 5,000 employees are either currently working on a digital transformation project, or have just completed one, with this percentage being consistent across North America, Europe and Latin America.
The goal of digital transformation is to future-proof an organisation with digital services. And it is easy to label exciting new business delivery formats as digital transformation, but in reality these initial change projects waterfall down through the entire infrastructure of an organisation, requiring secondary and tertiary overhauls in order to support the original – probably more publicly visible – objectives.
While the more glamorous headline digital transformation projects can ride their way through approvals on the promise of growth – or the threat of market obsolescence – the projects that underpin their success can struggle to communicate their merit in such grandiose terms. Such ‘underpinning’ is often the work of network and security teams – and the data bears this out with Netskope’s research showing that 62% of digital transformation projects involve both of those teams in a cross functional project.
Neil Thacker is EMEA CISO at Netskope and works with organisations to support some of the more complex organisational and cultural elements of transformation projects. He believes that the major challenges can be loosely grouped into two main categories; “There’s two items that come up in one guise or another every time an organisation is attempting network and security transformation; ‘help me understand the economic benefits of this transformation and explain them to the board’ and ‘how do I best organise my teams to efficiently and effectively deliver these projects?’.”
The economics of transformation
Network and security transformation tends to mean the movement of core functions into the cloud. The ‘push’ motivations behind this include cost reduction, tighter integrations, speed to deployment and scalability without the need to re-architect every time a significant change is needed. ‘Pull’ motivations cover areas such as improved security posture, innovation at scale and the opportunity for advanced data analytics.
Secure Access Service Edge (SASE) is a Gartner-coined term which captures an ideal end goal for network and security transformation, where users, data, and applications are increasingly outside of the traditional data centre in the cloud and must be managed and secured accordingly.
Thacker has produced a guide to the economics of network and security transformation, and he believes that to secure internal buy-in for SASE projects CIOs and CISOs need to take a close look at the tangible economic implications of transformation; “We must put aside the promise of ‘guesstimate’ growth numbers and instead calculate the immediate and short term economic advantages that can be unlocked through network and security transformation.”
For example, in a legacy network security set up using SWG and VPN, everything a remote worker does is routed back through the organisation’s data centre, where threat and data protection policies can be applied. With the majority of applications provisioned from the cloud and consumed by employees outside of the corporate network, security has become the only reason that the majority of traffic is going to the corporate data centre. This means that investment in network bandwidth, appliance capacity and specialist support hours can be immediately reduced with a transformation project that enables security policies to be implemented inline, in the cloud.
This logic is probably the reason that Gartner predicted that cloud security would be the fastest growing cyber-security market in 2020, with spending increasing by 33%, while it estimated a 12.6% decrease in spending on network security equipment.
Ensuring secure innovation with Secure Access Service Edge (SASE)
Neil Thacker, CISO EMEA at Netskope, spoke to Information Age about how Secure Access Service Edge (SASE) allows for secure continuation of IT innovation within companies. Read here
Leading the team through change
Obtaining any necessary board-level buy in for transformation projects is only half the battle. Any significant change project will require consideration of the organisational arrangement and availability of specialist skills.
The Netskope/Censuswide research found that 50% of global CIOs believe that a lack of collaboration between specialist teams is stopping them from realising the benefits of digital transformation projects. For context, assuming that 50% of CIOs are responsible for 50% of the $6.8 trillion digital transformation spend IDC predicts, then we are looking at a situation where a spend equivalent to the entire annual US tax income is in jeopardy because teams are failing to work together effectively.
The research was extensive, polling 2,675 IT professionals in 10 countries; specifically CIOs, security professionals and networking professionals. The researchers discovered that while just under half of security and networking teams report to the same boss, 37% of participants stated that ‘the security and networking teams don’t really work together much’. In fact, nearly half of the networking and security professionals described the relationship between the two teams as ‘combative’ ‘dysfunctional’, ‘frosty’ or ‘irrelevant’. They all agree that this imperfect relationship has the potential to derail huge plans.
Thacker has a theory for one of the causes of this divide; “The role of security is to find problems, both current and future, and orchestrate the fixing of them. And the problems they find are often in networking architectures. That’s the nature of the role, but it creates an obvious friction when security can be seen as a critical naysayer. While security owns a strategy, it relies upon the network, infrastructure, and application teams to execute and achieve business objectives. Security teams are often consulted prior to selecting a network security control but network and infrastructure teams will be the ones deploying and managing it.”
Thacker advises organisations to look to the successful bringing together of skill sets into DevOps and DevSecOps teams as a model for bridging the network / security divide; “We know that network and security teams are already pursuing shared goals as the research showed they identified the same three top priorities for 2021. So we can focus on tactical executions. At the front line, converging the two teams into a security and networking operations centre (SNOC) could be a big step in the right direction.”
Dedicated, cross-functional, skills-based teams reduce the need for standards-lowering compromise, and key to success will be the empowerment by leadership. Teams should be focused on project and operational outcomes rather than siloed activity, creating ownership across shared objectives and key results.
Network and security transformation is a foundational and architectural necessity for many digital transformation projects. To succeed, projects must be logical rather than ideological, with clear and immediate economic benefit as well as longer term, risk mitigation advantages. Just as crucial, however, is the ability of the teams to work collaboratively to drive projects to completion and work in the new ways enabled by the change. Historic concepts of ‘land ownership’ within the IT estate can only damage the returns of digital transformation.
This article was written as part of a paid partnership with Netskope.