Enhance security while lowering IT overhead in times of recession


“Is cybersecurity recession-proof?” That’s the question on the minds of many security professionals and executives as a possible economic downturn of indeterminate length and severity looms and many organizations are tightening their belts.

While research suggests that IT spending is showing some immunity to economic headwinds – Gartner is still predicting growth this year, albeit slower than last – CIOs are increasingly pressured to make strategic contributions to the business. For many organizations, this includes driving efficiencies through digital transformation.

Economic uncertainty in the face of non-stop threats, a severe talent shortage, and employees’ expectation of hybrid work as a job perk will stress IT spending throughout 2023. CIOs and CTOs should, in turn, prepare to streamline their budgets.

Expect vendor consolidation to be a running IT theme in 2023

How companies will allocate their security spending in 2023 remains up in the air. If economic uncertainty persists, expect organizations to mitigate risk and manage costs by consolidating their security services, solutions, and providers.

It’s easy enough to follow this logic. At a time of economic uncertainty, when IT budgets are under pressure, any investment needs to be a sure bet.

If executives can consolidate several different security services by investing in a single, unified solution, that’s an attractive opportunity. Reducing the number of security solutions and partners means costs get easier to project and control. If costs trend upward, that tends to happen in proportion to actual business demand (a justifiable increase).

There are also lessons from prior economic downturns. You can reduce debt, including technical debt, and invest in technology to weather recessions, as studies suggest. In the event of a significant economic downturn in 2023, that parallel will come up in executive suites everywhere. Now may be the perfect time to pitch your digital transformation.

Zero trust shuts out unnecessary costs, not just attack surfaces and lateral movement

Businesses looking to enhance preparedness for stormy economic conditions should pay close attention to the benefits of a secure digital transformation. Migrating to a zero trust network architecture (ZTNA), in addition to enhancing security by disrupting the classic cybercriminal attack chain, offers the potential for lowering overall IT overhead.

Here’s how:

By eliminating expenses inherent to hub-and-spoke network architectures.

Consider what it means to have a centralized facility with a substantial and growing number of branch offices. You must secure the entire network, and the bigger it gets, the more expensive it gets. You can leverage multiprotocol label switching (MPLS) to secure connections to branches, but that’s a pricey option that gets pricier with growth. The public internet, on the other hand, is more affordable but also riskier from a security standpoint, and the costs of a significant breach might easily outweigh the costs of MPLS in any given year.

By moving security appliances and related hardware assets to the cloud.

Think of all those firewalls, switches and routers, identity management systems, access controls, virtual private networks, and IPS/IDS systems. Each must be deployed, integrated, managed, and updated over time. The overall costs of conventional security architecture, in terms of technical and human expenses, quickly mount. And because different branches have different requirements, each will likely involve a unique mixture of assets. This means processes and skills required to optimize that mixture are also unique. It becomes increasingly difficult to secure the enterprise in a standardized and efficient manner. As the organization grows, so does the complexity.

By securely accommodating the growing expectation of hybrid work arrangements.

In a post-COVID world, workers expect to be able to telecommute, and organizations like the idea of hiring from a national or even global talent pool. But connecting every remote worker via a VPN increases the organizational attack surface, as the network is essentially extended, and each remote worker de facto becomes a branch office.

The security complexities of public cloud services must be considered as well.

Sure, you can create a gateway architecture to secure outbound and inbound traffic involving services like Salesforce, AWS, Box, etc., but is that cost-effective long term? As cloud services become increasingly ubiquitous, organizations will need a unified strategy to secure cloud services in the same way as the rest of the network topology.

A unified ZTNA strategy supports and secures all services, all apps, and all data, wherever they reside. It scales in proportion to demand instead of requiring a large and growing collection of security appliances distributed inconsistently across many branch offices. And it also empowers organizations to connect those offices via the public internet – dramatically less expensive than a cluster of private MPLS lines would be, with better security benefits.

ZTNA supports cloud-native services by design so that, as cloud utilization scales up, the organization’s security scales along with it – all without requiring the organization to purchase arrays of new security hardware or software or hire new security talent to manage, monitor and update it.

Because remote workers can easily be secured wherever they work, on their devices, organizations can also take full advantage of telecommuting to hire the best available talent for any given job. This helps reduce turnover and its associated costs, just as ZTNA reduces the capital expenditures created by a vast, distributed, and sub-optimal security architecture.

In short, there simply may not be a more elegant, practical, or cost-effective way to secure business services in 2023 than by implementing ZTNA. And no doubt, in the coming year, recession or no recession, that’s precisely what many will choose to do.


