[BreachExchange] IT Won’t Recognize Itself by the End of the Year

Audrey McNeil audrey at riskbasedsecurity.com
Thu Aug 31 19:52:22 EDT 2017


https://informationweek.com/strategic-cio/it-strategy/it-wont-recognize-itself-by-the-end-of-the-year/a/d-id/1328624

How many times a day does your organization rely on connected technology to
get business done? IT is at the center of nearly every interaction we have
today, every email, phone call, and text, every order placed and filled,
every patient cared for, every financial transaction completed. Now more
than ever, IT is responsible for keeping the lights on both literally and
figuratively. It’s no longer a support system. It’s the foundation of
modern business.

But this is just the beginning. In fact, I predict that the role of IT will
change more this year than it did in the last five years. Changes to
everything from job function and reporting structures to expectations and
integrations with business groups will dramatically overhaul how IT operates
day-to-day, as well as the strategic function of IT in driving business
outcomes.

Following are three significant shifts IT can expect to see this year, and
some thoughts on how teams can best prepare.

“Dev” takes over DevOps. The convergence of IT operations and DevOps will
accelerate as the ownership of traditional IT operations functions –
maintenance, performance, and availability – comes within the purview of
those who developed those systems in the first place. IT will be faced with
converging culturally and technologically, as this new model demands a
single team to manage the entire application lifecycle from development to
production.

In my experience, the best place to start is in creating a cross-functional
team that draws from IT operations, engineering, security and networking
personnel to assess a common denominator: What is impacting performance? A
single, unified view of all systems and data in your environment allows you
to start to understand underlying performance issues: Was it
infrastructure, a misconfiguration, a code issue? Understanding where
problems stem from allows teams to resolve issues more quickly, and set
processes in place to prevent them in the future.

Cross-functional teams not only boost IT performance, but they help achieve
better business outcomes. We work with one healthcare company whose
delivery of fast applications is critical for physicians who depend on
electronic medical records to quickly access lifesaving information
affecting everything from patient safety -- such as drug allergies -- to
patient access of specialist referrals. Building a cross-functional team
using a single source of IT truth allowed the healthcare company to monitor
and measure performance across all stages of an application's lifecycle, as
well as observe and compare in real-time the throughput, response time, and
errors in the development, QA, staging, and production environments.

Security is now everyone's job. IT security has spent the past few years
moving slowly through the stages of grief regarding perimeter security.
From the explosion of ransomware to massive DDoS attacks, the threat is
greater than ever. 2017 may be the year that we finally reach the
acceptance stage. This means accepting that bad actors, whether employees,
contractors, or outside agitators, are already inside the network. It also
means involving many more stakeholders in security, working with network,
storage, applications, and other teams to understand what “normal” looks
like in their world, and how to best identify potential bad actors. To put
it simply: To improve security, it must become everyone’s job. While
dedicated security teams won’t go away, other IT teams will be asked to
step up in a big way – to have a better understanding of the assets for
which they are responsible and detect anomalies sooner.

It is extremely difficult to get folks to care about security. Most people
are simply not that attentive, right up until they get bit. Five years ago,
the personal impacts of making a poor choice with an email or a website
were minimal. Now, with the rise of ransomware, the impact is profoundly
personal. You clicked on the link, it is your machine that is now
encrypted, your files, your work. My suspicion is that this personal
accountability will drive changes in personal vigilance.

We are the product. Technology is no longer how we sell, it's what we sell.
This is true not only for hardware and software vendors, but for businesses
across all verticals who are selling not just a product, but an
accompanying digital experience. IT will be shoved out of the back office
and into the front office as companies look to increase top-line and
bottom-line revenue, integrate systems, and mitigate risk.

In IT, one of the most important things we need to come to grips with is
that technology is not about technology, it’s about people. People are
building, maintaining and consuming technology. As a CIO, I actually spend
the bulk of my time visiting with customers, understanding their pain
points and bringing those insights back to my team so we can tune our
operations to meet their needs. I help customers understand the
implications of their choices around various tools and technologies: short
term gain vs. long term pain, ease of use vs. super secure. Business goals
are the driving factor behind all decisions. We must embrace these
front-line experiences, understand what our customer pain points are and
tune our operations to better align to the business.