Virtualization Technology News and Information
LockPath 2018 Predictions: Building Resiliency Requires Integration, Streamlined Processes, and Flexible Technology Support

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual series exclusive.

Contributed by Sam Abadir, director of product management at LockPath

Building Resiliency Requires Integration, Streamlined Processes, and Flexible Technology Support

Here we are, wrapping up another year and looking ahead to what the next four quarters may have in store. Many of us are in dire need of a holiday break - 2017 has been unpredictable and often punishing. The threats were extraordinary and incessant - from massive breaches and global ransomware worms to political upheaval and hurricanes. Even for those who managed to avoid any direct hits, the relentless task of risk management can be draining. It's time to step back, assess the challenges at hand, and get ready to face 2018 with confidence.

Staying in the Game

Enterprises have to do all they can to strengthen and stabilize their critical infrastructure and operations in order to develop business resiliency.  According to EY, 40 percent of businesses that experience a disaster go out of business within five years. Consider all the businesses in Florida, Texas, and the Caribbean islands impacted by Irma and Harvey. Now imagine four out of ten of them closing their doors permanently. It's not hard to imagine a massive global cyber attack with similar repercussions.

Because business continuity and disaster recovery capabilities are so vital to sustaining embattled enterprises, more boards and senior executives are taking a broader approach. This includes expanding BC and DR operations from solely IT to include executives and business operations owners. When disaster strikes, it's all hands on deck. So why would we fail to work across departmental divides when it comes to preventing, defending against, and responding to crises and attacks?

Centering Cybersecurity

If you ask most people about the biggest IT security surprise in 2017, they would say it's the Equifax breach. But the bigger surprise is that, after all the alarming breaches over the past decade where 50 million or more accounts were compromised (Anthem, eBay, JPM Chase, Home Depot, Adult Friend Finder, Target, Sony PS Network, Yahoo, Heartland Payment Systems, TJ Maxx, and Equifax), a lot of companies still do not have a considered, monitored, integrated, board-reported approach to cybersecurity. While Equifax might finally drive home the lesson for some, we probably won't feel the true impact of that breach for a year or so; long-term consequences will land in five or more years. What is it going to take for organizations to make integrated IT security, including cloud security, and risk management a priority?

In 2018, we will see more breaches at organizations that do not have an integrated, top-down approach to cybersecurity. After seeing the heads of Yahoo and Equifax in front of Congress, I suspect that CxOs and boards of directors will put extra focus on cybersecurity impacts, leading indicators, and best practices. Cybersecurity education and internal threats will be a central focus. The dangers of relying on common but insufficient approaches to cybersecurity (perimeter defense, signature-based and point solutions, and manual controls) will become apparent. Boards, executives, and security leaders will also need to focus on systematizing and enforcing best practices, processes, and policies.

Managing your Ecosystem

As organizations battle for revenue, advantage, and customer loyalty in a dynamic, digitally transformed, global market, they bring in lots of partners, vendors, and point solutions to make it all happen. In the era of everything-as-a-service, the efficiencies enabled by MSPs, pay-as-you-go tools, and outsourced infrastructure make it easier for organizations to innovate, grow, and pivot. Yet organizations that outsource critical functions and operations relinquish some control and depend on vendors and suppliers to conduct business ethically, securely, and effectively.

This presents an opportunity for partners and vendors who can show that they have mature cybersecurity, compliance and risk management processes and that they do not expose the organizations to unnecessary risk. Risk and vendor management technology can help vendors and outsourcers in their quest to mature these processes, which can, in turn, help them to gain a competitive advantage.

Developing Resilience

In 2018, organizations that are maturing business resiliency, cybersecurity and risk management processes will continue to adopt cloud-based technologies for integrated risk management. These flexible, integrated risk management platforms can help you move away from inefficient, error-prone manual processes. They help you manage, track, communicate, and coordinate all your governance, risk management, and compliance (GRC) activities from a central system.

By centralizing and systematizing your GRC activities, you can reduce costs, increase visibility and accountability, and make it easier for cross-functional teams to collaborate. These platforms streamline processes such as: conducting enterprise-wide risk assessments; obtaining assurances from third parties that they are meeting obligations; building and testing contingencies for service interruptions; mapping policies and controls to regulatory standards; establishing and monitoring key performance and risk indicators; and responding to threats and incidents.

By decisively adopting digital competencies around centralized data collection and analysis, automated compliance monitoring, and enterprise-wide collaboration, you can address these complex challenges, fortify your defenses, respond more effectively to incidents, and recover operations with speed and agility.

Next Steps

Business resiliency starts with the tone set at the top. To lead policy and practice toward stronger security and risk management, you have to embrace change. IT leaders need the buy-in of the board and managers alike; be prepared to educate them about risks, speak their language, and steer away from shiny quick fixes.

In the year ahead, it will be important to focus on internal processes and employee training. You can buy all the GRC technology you want, but getting the most out of it depends on many factors: momentum, leadership and culture, expertise, and a nuanced understanding of how it can support and tie in to your broader risk, security, and compliance efforts. It often works best to start by going after low-hanging fruit and early successes to prove value and keep momentum going. In 2018, focusing on internal threats, third-party vulnerabilities, and security fundamentals is a good bet.

If you integrate GRC and risk management practices throughout the enterprise and support them with flexible, efficient technology, your self-regulation efforts will pay off in many ways - and you'll be prepared to prevail over whatever challenges 2018 brings your way.


About the Author

Sam Abadir 

Sam Abadir is the director of product management at LockPath, a leading provider of governance, risk management and compliance (GRC) solutions.
Published Wednesday, December 20, 2017 7:39 AM by David Marshall