Risky Business: the balancing act between security and continued innovation

December 22, 2017 Claranet Limited

 

IT leaders are under constant pressure to deliver the potential business benefits of BYOD, SaaS, cloud computing, and Shadow IT. But they also have a responsibility to manage the risks.

Maximum opportunities, minimum risks

Tech today drives the global economy. And it can be a bumpy ride.

An explosion of form factors has resulted in computers that look like watches, and phones that work like laptops. Public and private clouds connect users not just to extra storage, but to whole ecosystems of web services and processing power. Trends of SaaS, BYOD, and Shadow IT mean a company’s business-critical technology is increasingly housed outside office walls with more and more people using their home laptop for work, with countless unapproved apps just a minute’s download away.

Companies that don’t embrace these megatrends won’t sidestep the challenges; they’ll just not be around any more. But it’s a vast ocean of innovation and opportunity for companies that know how to take advantage of it. As long as they can deal with the common denominator in this brave new world: security risk.

Balancing act 1: Steel vault versus secure SaaS

IT decision makers today are constantly being asked to do more with less. And a while back, the most cost-effective solution was to centralise your data and put a firewall around it, keeping it all where IT staff could manage it. But with today’s network involving a lot more than a server, desktops, and Microsoft Office, it’s less and less practical to deal with every aspect of security yourself. Even vast organisations like Britain’s NHS don’t always get it right.
 

At first glance, this increased focus on security would seem to add more zeros to the cost column. But the report shows the business case for securing all your corporate data in-house is weakening. So to balance things up, companies are looking to Software as a Service (SaaS) vendors for whom data security is a core competency.

 

Keeping it all in-house may seem safer. But for today’s SaaS vendors, data security is mission-critical: their continued existence depends on it. So many of them invest hugely in security solutions for their customers’ data. Rock-solid VPNs, strongly encrypted remote access, even their physical infrastructure. A bunker-like datacentre, hardened against natural and technological disasters, contributes more to physical data security than your budget ever could.

 

So that’s our first balancing act: take advantage of secure SaaS, because those vendors focus on security without compromise – while spreading the costs among all their customers. It’s our first clue that innovation versus security doesn’t need to be a trade-off.

 

Balancing act 2: Cost control outsourced to the cloud

If you’re like most IT departments, you’ve had to increase your network resources to take account of busy times. This overhead sits idle 95% of the time, yet adds to your costs 24/7.

 

The need for burst capacity is driving another beneficial balancing act: outsourcing burst to the cloud. From Akamai to Amazon Web Services, experienced vendors are renting capacity rather than equipment – with high security as a selling point. 92% of organisations doing it report lower costs than handling it all in-house.

 

That’s great for reducing your ongoing costs – paying for the capacity you need only when you need it. Another example of a need for secure services actually driving innovation.

 

Balancing act 3: The security of a good SLA

Beyond burst capacity, many companies are outsourcing business continuity itself to the cloud – by partnering with IT services companies to provide their applications, storage, and connectivity under a Service Level Agreement. Once again, these savvy companies are smoothing the peaks and troughs in their costs by providing ever-larger chunks of their IT infrastructure on a subscription basis.

 

With 256-bit AES encryption now the standard for remote applications – essentially unbreakable in use – security of your corporate data tends to be higher in an expert partner’s distant datacentre than in your local server cupboard, if data security isn’t your core competency. (As Talk Talk found out to its cost, inadequate in-house software management carries risks.)

 

While the peace of mind a good SLA gives you – smoothing out costs and letting you plan and budget ahead – frees you to apply your IT expertise to making your business competitive, without worrying about everyday fire-fighting. Again, increasing security has business benefits.

 

Balancing act 4: Intelligent monitoring to reduce workload

With significant parts of your IT infrastructure outsourced to the cloud, there’s another great balance: all your different devices and applications are on a shared infrastructure. This makes it far easier to collect information, see your IT landscape, and watch for problems.

 

SaaS software, of course, doesn’t need constant bugfixes and upgrades by your IT team: the vendor does it for you. While desktop sharing and application performance analytics enable closer and more interactive IT support than ever. And when major untoward incidents occur, vast resources can swing into action very, very quickly to combat them.

 

So the question for IT departments is: why not take advantage of all this outside expertise? While there’s no such things as a free lunch, this is certainly a cost-effective one.

 

When you outsource security to the network itself, everyone wins.

It’s interesting that in each of our balancing acts, security ends up being a benefit of innovation, not a costly add-on. And that’s key. Don’t let innovation drive your security. Let security drive your innovation.

 

According to the report, this is the right way to approach the changing world of corporate IT. Don’t think of a move to SLAs, SaaS, and BYOD as losing control; think of them as gaining security. If you outsource security to someone whose entire business model revolves around it, you’re in safer hands.

 

CONCLUSION

 

It’s clear that when you get the balance right, these four dark risks turn into bright opportunities for profitable growth. No vault you can build in-house is as secure as one tested daily by millions; nobody works harder to maintain service levels than someone whose job depends on it; automation of consistent processes is a no-brainer, letting you and your team concentrate on changing your business for the future.

 

So take the lead, and start balancing up your business.

 

KEY TAKEAWAYS

 

  • Securing your data in-house means you miss out on the skills and experience of leading security experts (not to mention how much of your own time it will take up)​
  • The right SLA can smooth your costs while increasing available resources​
  • Outsourcing for burst capacity means you only pay for what you need​
  • Monitoring your infrastructure remotely reduces the manual busywork of upgrades​
  • Don’t let innovation dictate security – let security flow from innovation!

 

 

Previous Article
Why IT strategy and corporate strategy should sing from the same hymn sheet
Why IT strategy and corporate strategy should sing from the same hymn sheet

Next Article
IT department heads today are strategic decision makers with a louder voice in the C-Suite.
IT department heads today are strategic decision makers with a louder voice in the C-Suite.