At an elementary level, IT is all about using technology to enable the business. This really hasn’t changed, even back in the early days when IT was called data processing or management information systems.
In today’s IT world, business enablement is driving a few meta-trends. Cheap hardware and open source software is driving big data analytics to the mainstream. Organizations are abandoning the costs and constraints of on-site IT systems as they move applications and systems to the cloud. Mobile devices are becoming the primary compute platform for users, automating business processes and changing application development.
Given the crazy activity around new IT initiatives like these, it may be somewhat surprising that information security was rated as the most important of all meta-trends in a recent ESG research survey (note: I am an ESG employee). ESG asked 601 IT professionals working at mid-market (i.e. 500 to 999 employees) and enterprise (i.e. more than 1,000 employees) organizations in North America and Europe to rank 6 different meta-trends on a scale from 1 (most important) to 6 (least important). The results were as follows:
- Information Security: Mean score of 2.31
- Data center modernization (aka, software-defined data center): Mean score of 3.42
- Data analytics: Mean score of 3.50
- Use of public cloud for applications and infrastructure: Mean score of 3.84
- Mobility: Mean score of 3.96
- Reinventing application development processes for cloud and mobility: Mean score of 3.97
So many IT initiatives are grouped together but information security stands alone as most important. To be clear, this does not mean that enterprise organizations will hold off on these other initiatives. Alternatively, CISOs face a difficult situation where they must reinforce cybersecurity defenses and oversight while supporting new IT initiatives. This means:
- Large organizations must scramble to get their houses in order. Legacy IT security tools and processes have been proven to be rather ineffective over the past few years. Many CISOs recognize this shortcoming and are pushing hard to build enterprise security technology architectures featuring central command-and-control, distributed enforcement, end-to-end visibility, and tight integration. As information security becomes increasingly important, enterprise IT architecture projects must accelerate – good news for vendors like Cisco, Check Point, FireEye, IBM, McAfee, and Palo Alto Networks that are moving in a similar direction.
- CISOs must be involved at the start of projects. While security professional work on upping their games, CISOs must elbow their way into business and IT planning at the onset of all projects to avoid the risks associated with the “shadow IT” initiatives of the past few years. To avoid being labeled “Dr. No,” the CISO’s mission should be ensuring secure business processing enablement. I see a lot of upside here for identity management and data security technologies.
- Security must be baked into other meta-trends. Large organizations face a vexing situation where they must improve cybersecurity defenses and oversight while simultaneously adopting new IT initiatives. To ease this burden, CIOs will look for vendors who make security a big part of their meta-trend technologies and services. Amazon, Apple, Microsoft, Samsung, and VMware are responding to this requirement with robust security features as part of their cloud and mobile offerings.