In a recent security and connectivity event a group of senior technology leaders had the opportunity to network and drive some of the fastest cars in Australia around the racetrack at Eastern Creek, to gain a unique perspective on the power of combining high-performance with safety and security.
It’s a concept that’s become increasingly important in the context of business communications, as the challenges wrought by COVID’s push to new working modes and with it new cyber security risks have now become a top priority, not only for technology leaders, but also the CEO and entire c-suite.
As part of the event attendees also engaged in an interactive high-level panel discussion led by Enablis – featuring a number of leading experts in cyber security and communications, including:
- Darren Kane, Chief Security Officer, nbn® Australia
- Sean Duca, VP, Regional Chief Security Officer – APJ Palo Alto Networks
- Luis Urbaez, Chief Technology Officer, Enablis
Panel host, Jon Evans, Enablis’ Founder and Director, kicked off the discussion asking: “if it’s possible to have robust security without compromising performance?.”
Everyone agreed that it is, but that achieving this holy grail requires not only the right technologies and technology mix, but just as importantly, that senior leadership are properly briefed and brought onboard, along with the broader organisation, to ensure success.
Cyber-attacks both from organised crime gangs and state actors are rising sharply, not just in number, but also sophistication as the constant flurry of media reports shows.
Australian businesses also need to be across the shifting regulatory and legislative environment, with amendments to things like the Security Of Critical Infrastructure (SOCI) Act heralding a new era of corporate responsibility and accountability, and as the Notifiable Data Breach (NDB) laws continue to remind business leaders of their obligations.
Meanwhile, of course, every business is having to accommodate increasing numbers of staff choosing to work outside of the traditional network perimeter, or at the ‘edge’, now a key target for malicious actors.
Advice to stop catastrophising
One of the panellists provided this advice – while cyber security is a top business priority today, “organisations also need to stop catastrophising” about the issue and develop practical strategies that ensure they deploy the best solutions and processes to deliver maximum protection for their specific environments. “We know the risks. Fear, uncertainty and doubt needs to be addressed.”
Every organisation is different and there’s no one size fits all solution in today’s increasingly complex digital landscape.
But while some organisations operate in higher risk environments than others, it’s incumbent upon all to clearly understand their specific risk profile and risk appetite before they can clearly define the challenge and how to go about addressing it. “Once you know what the crown jewels are then you can have practical conversations,” added another of the panellists.
“Look inside your environment to see what keeps the lights on in your business? Clearly understand the risk that you’re trying to manage. If it’s data then it’s the people using the data you need to be concerned about.”
He added, if people are, say 65 or even 85 percent of your problem, they’re 100 percent of your solution. So communicating clearly and precisely is critical too.
Use SASE to make cyber security an enabler
Organisations that get this right can look forward to cyber security being an enabler for their business, giving them more – not less – time and confidence to do other things. And once security is established as a genuine enabler, it then follows that organisations are able to enjoy the full benefits of fast and reliable connectivity.
Enter Secure Access Service Edge (SASE), fast emerging as the dominant framework allowing organisations to deliver both robust security and high performance in ways that are tailored to their individual needs and are aligned with their specific business outcomes amid constantly changing conditions.
A panellist observed, it’s not so much the new normal that organisations need to come to terms with, it’s more like “the new now.”
People are coming back to work, with some organisations even expanding their office footprints. But the overriding trend is one of dynamic change whereby staff are choosing their own hours and locations. For example, Luis Urbaez, chief technology officer, Enablis reminded delegates that if they’re concerned about staff working from home, they need to wise up to the fact “they’re probably also working from their local coffee shop.”
Delivering the same experience
The upshot for technology leaders and their peers in the c-suite is that people need to have the same experience no matter where they are. And that means the ability to deliver robust security at the same time as optimal performance is absolutely critical.
Still a relatively new technology framework and concept, SASE is perceived by many as being essentially for remote / branch access. But it’s a lot more than that.
Boasting a fully cloud-based architecture, SASE enables organisations to completely restructure how they handle – and think about – data and communications. It allows for information to move freely between cloud and on-premise environments, no matter where they are, while enforcing true zero trust principles, providing centralised unified management as well as, critically, intrusion detection and intrusion prevention.
But deploying SASE is not just something that the IT department should be left to worry about on their own. It needs to be a whole-of-company exercise, in particular involving the c-suite and the board.
Getting their buy-in, however means technology leaders need to adapt their language for the c-suite if they’re to bring them along on this multi-year and unpredictable journey.
“As soon as you start using terms like nation state, bad actor, attack surface, credential harvesting, password reuse and the like you risk losing their attention.”
“They need to start talking the language of business, which includes things like risk and ‘dollar figures.’”
For instance, every CEO, every CFO needs to know if the company spends $X on cyber security, what does that actually mean? How much will their risk be reduced by?
What for certain, though, is that any organisation investing in true SASE will quickly realise real benefits in terms of greatly improved security posture, better data, application and security management as well as better performance, the benefits of which will be felt right across the organisation.
To access complimentary resources about how to get robust security without compromising performance and user experience click here.