Last year cloud infrastructure (again) proved its worth. In fact, there is little doubt that public cloud providers may have indirectly helped save the U.S. economy. Facing pandemic lockdowns and a global economic downturn, businesses needed to pivot quickly to keep their people working. This is not news. Cloud infrastructure, as well as cloud-based applications, fueled these rapid remote deployments and even drove the adoption of new business models like telehealth and grocery delivery for those who had previously been hesitant. At this point, cloud is here to stay. With so many companies having sped up their digital transformation processes, there’s no reason not to just lean into them full-tilt, and CFOs are at the front of this race. It would appear that to support growth through creative business models that are built to survive a pandemic (or whatever else comes our way), CFOs are continuing to increase investments into digital transformation initiatives that create new revenue streams. This puts them at the helm of innovation for their organizations – and very much in the spotlight. Now what?
Forrester updated its 2021 cloud predictions to incorporate the widespread rush to the cloud we saw last year:
COVID-19 forced companies to prioritize speed and customer experience (CX) over cost savings and efficiency — and they flocked to public cloud faster than ever. Etsy spun up new Google Cloud infrastructure to meet a spike in e-commerce; Lowe’s got a curbside pickup app running in three days; Moderna is using AWS to accelerate COVID-19 vaccine research. Forrester previously predicted that the public cloud infrastructure market would grow 28% to reach $113.1 billion in 2021. Mid-pandemic, the four largest public clouds maintained very strong revenue growth (AWS: 29%, Microsoft Azure: 47%, Google Cloud: 43%, and Alibaba: 59%) as companies accelerated cloud migrations and rushed out new apps to meet fast-changing consumer demands. We now predict that even with a surge in edge computing spending, the global public cloud infrastructure market will grow 35% to $120 billion in 2021 and that Alibaba Cloud will take the number three revenue spot globally, after AWS and Azure.
Call to Protect Their Investments
Boards, excited about the creative pivots, are looking to their CFOs for ROI on 2020-21 technology spends. At a business level, this is easy. X technologies enable Y revenue streams for Z profits. However, with cybersecurity attacks as the number one financial risk to most industries right now, questions about vulnerabilities and losses have finally made their way into the boardroom. In turn, this puts pressure on CISOs – with the full support of their CFOs – to be in lockstep on preventing any incidents that could threaten access to technology, generate compliance violations, or result in costly lawsuits. To put it plainly, CFOs have spent millions on tech, leading companies that are in technological flux, and the last thing they need is a ginormous data theft or ransomware attack to screw it all up.
The Increased Risk is Real
There is no question that leveraging the cloud or cloud-based partners can free you up to enable more business with better margins. Also, as is the nature with any change to your environment, it can definitely increase risk. You have teams learning new technologies, more potential vulnerabilities and exploits, added supply chain risk (which has proven to be significant this past year), and the age-old possibility of user error/risk. It would seem, looking back, that cyber attackers were also watching these trends, because attacks are hitting an all-time high. IBM’s 2021 Cost of a Data Breach Report puts the average total cost of a breach at 10% higher than the previous year. Ransomware breaches cost an average $4.62m, which doesn’t even include the cost of the ransom, itself. Malicious “wiper style” attacks that destroy data cost an average of $4.69m. Colonial Pipeline, JB Meat, Solarwinds: these are just some of the major attacks that hit the newsstands. For every attack you read about, there are countless more that go either unreported or don’t make headlines.
What do most people do in a crisis? Buy a new technology. In this case, at least it’s an effective one.
The Rise of Endpoint Security
As a result of increased risk and widespread attacks, one of the most widely deployed cybersecurity solutions in recent months has been Managed Detection and Response (MDR). MDR offers a way to send security with the user, pushing the bounds of protection all the way to the end user, rather than focusing efforts on network layers. This decentralized approach “reduces the cybersecurity risks which gain visibility and a clear view of the threats which is growing individuals business in order to improve defenses” (IndustryARC 2021). IndustryARC cites factors driving rapid adoption of MDR as “increasing instances of cyber-attacks, shortage of cybersecurity practitioners, and need for compliance to various government regulations.” MDR provides an immediate fix for endpoints, which is quite helpful while one is organizing and better securing the rest of the environment. Cloud and remote deployment rollouts simply happened too fast recently for CISOs to get all of the necessary security layers in place. So, the ability to quickly add a layer that extends to the remote user’s machine has been a great relief to many who want to avoid what their neighbors or competitors have been facing with cyber attack losses.
Too Many Tools to Manage
Still, these tools require people to manage them, because the most effective MDR (or other monitoring) solutions are those backed by a fully staffed, 24x7x365 Security Operations Center. Otherwise, the technology becomes part of the other big problem facing large organizations right now – vendor bloat. When you think about all the technologies an organization needs to manage operations, enable business, support innovation, protect network access, filter emails, monitor network activity, monitor endpoint activity, provide secure wifi, manage user identities, and keep effective, tested backups, you begin to realize what midmarket and enterprise CISOs are up against. Every one of their new security technologies has its own alerting system, requirements for patches and updates, integration needs, user nuances, policy management process, access control, reporting, etc. It becomes overwhelming in a hurry, so it’s not hard to see how – especially in a year where everything has changed so rapidly – one update or configuration can get missed. Or, an alert can be overlooked. Maybe a vendor security review isn’t as diligent as it should be. To make things even harder in a busy environment, teams have been running even leaner than usual.
Vendor Sprawl is Expensive (and Inefficient): Consolidate
It’s expensive to hire new team members, but in the long run, it’s also expensive to have too many vendors. According to Gartner, one way smart organizations are cutting costs is through Vendor Consolidation. 80% of the CISOs surveyed last year were interested in vendor consolidation strategy (2020 CISO Effectiveness Survey). Why? “78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio; 12% have 46 or more. Too many security vendors results in complex security operations and increased security headcount.” (Gartner)
Will the Real Slim Shady Please Stand Up
In many cases, you have MSPs offering services that are actually being outsourced overseas on the back end, because they just don’t have the capabilities in-house. If you do your homework, though, you can find those vendors who provide many of the services you need and the deep bench of experts to help you manage them. These are the unicorns, or as our VP of Information Services likes to say, “TRUEnicorns”. The key is to dig, do your research.
Efficient and Lean Wins This Race
Finally, look for ways to make your data work harder for you. For example, pulling all of your security data into one place and adding automated processes can make all the difference in the world in your response times. Helpful management portals that allow you to manage not just security data, but your compliance through a single interface can also be a game changer. There is only one you, and you know how hard it is to find trained cybersecurity specialists right now, so you just have to find ways to be more efficient.
You've Got This
Know that all of us at TRUE are pulling for you. Heck, if your organization survived – maybe even grew – last year, you’re already on a good roll. Manhandle that digital transformation project and protect your CFOs ROI in the process. If you decide you need some help, you can always give us a call.