Virtualization Technology News and Information
Cavirin 2019 Predictions: Transforming the Cybersecurity Boundary

Industry executives and experts share their predictions for 2019.  Read them in this 11th annual series exclusive.

Contributed by Joe Kucic, Chief Security Officer at Cavirin

Transforming the Cybersecurity Boundary

As new technologies empower cybersecurity to extend the enterprise boundary while consistently reducing overall infrastructure operating costs, we expect business executives to embrace cybersecurity in 2019 as a primary business responsibility and not simply a "technology issue". We also expect new federal and state laws and regulatory guidelines to improve privacy protections and reduce exposure to state-sponsored attacks.

Similarly, government and commercial entities will continue their push to strategically reposition technology services as vendor-managed services, while transitioning primary responsibility for IT to business operations units. In turn, cyber/information security will transform from a technology function to a legal function.

Cybersecurity is not IT's responsibility

Business executives have dedicated resources for Legal, Marketing, Operations, and Sales functions. Even though IT is increasingly integral to the business, it often has to fight for resources across units. Corporate IT guidelines and requirements tend to impede the flexibility needed to drive strategic initiatives. When a new business unit initiative depends on technology involvement, that unit should fund, manage, and monitor the IT resources. Moreover, the unit should also take ownership of cybersecurity because it understands the potential risks and impacts involved.

Since the introduction of the first US privacy law (the Gramm-Leach-Bliley Act), the technology paradigm has changed remarkably. While states have started to enact new legislation designed to protect their constituents against the risks inherent in new business models and technology mediums, if these risks are not addressed at the federal level, significant gaps will remain. I expect that individual privacy protections will be expanded and higher penalties imposed, reflecting GDPR influence. These new laws will shape the type and scope of changes we need to implement in current operations models. If addressed correctly, these changes could transform an organization's technology and cybersecurity posture over the next year.

Cybersecurity should transform how you operate

The US is privileged to have an abundance of resources for designing and manufacturing technology within its borders. Given the threats from state-sponsored hackers and recent acts of sabotage and espionage involving technology embedded in hardware, we expect that critical infrastructure businesses and their suppliers will increasingly be required to produce and source their technology within the US.

This shift, coupled with new cybersecurity and privacy laws and regulations, will create a unique opportunity for US businesses to undertake massive technology upgrades and replacements. In addition, many US businesses have healthy cash reserves and access to low interest rates. It's an ideal time to leverage these to expand competitive advantage, address human resource shortages, and lower operating costs.

Technology-as-a-Service is here to stay. Cloud Service Providers will continue to expand their position but will face new competitors as most established technology providers become their own CSPs. In the near future, it will be rare for any business to purchase services from only one solution provider. This continued trend will make cybersecurity more central to the business executive's mandate.

Companies will need a new, business-centric approach to managing hybrid and multi-cloud solutions consistently across the enterprise and routinely providing cyber risk posture reports to leadership. Based on legislative and regulatory changes, transformative technology investments, and the need for agile resources, 2019 is the ideal time to accelerate transitions to the cloud. This transition is a fundamental step towards addressing cybersecurity risks via coordinated efforts throughout the extended enterprise instead of siloed internal IT programs.

Cybersecurity belongs in the GC's office

Cybersecurity breaches are a major business event and should be shielded through client-attorney privilege. This is best achieved by having the Chief Information Security Officer (CISO) and his direct team report to the Chief Legal Officer (General Counsel). This arrangement protects all entities hired to support cybersecurity activities under client-attorney privilege as well. In the past, the CISO was hampered by poor visibility into the overall company risk profile and/or financial restrictions on technology initiatives. These limitations were the result of reporting to the CIO or CFO, who inherently view trade-offs differently (but have often severely underestimated brand risk and/or legal liability).

Requiring input and acceptance from the Chief Legal Officer will be a natural transformation as technology oversight moves to business units and more IT services are provided by external suppliers. We can predict with certainty that patch management will improve tremendously when the business executive and/or supplier has to regularly update legal regarding business exposure assessments.

Cybersecurity has to stretch to the edge of human understanding

New advances in technology - quantum computing, artificial neural networks, generative adversarial networks, integrated location guided services, and beyond - will create new security challenges. When state-sponsored hackers, organized crime syndicates, and rapidly emerging sci-fi technology converge, it's time for all hands on deck. In 2019, we must work to keep security, privacy, and risk management measures at the heart of the enterprise mission.


About the Author


Joseph (Joe) Kucic is Cavirin's Chief Security Officer, bringing to Cavirin over 20 years of enterprise and security experience. At Cavirin he is responsible for hybrid cloud infrastructure security strategies with CSOs, CIOs and CISOs and their teams across both enterprises and managed service providers / global system integrators.

Published Monday, October 22, 2018 7:32 AM by David Marshall