Not Just Defensive: Cybersecurity as an Enabler for Business
Neil Thacker, Chief Information Security Officer at cloud security firm Netskope thinks it’s time for Security to shake off its reputation as a roadblock to innovation
In this episode of the Business of InfoSec Podcast,, Neil Thacker, Chief Information Security Officer at cloud security firm Netskope argues that Security shouldn't be seen as a ‘gatekeeper’, rather, it should be an enabler for business agility.
“I've seen [the focus of Security] change in the last five to 10 years. Security has completely moved away from being a ‘blocker’, and sometimes focusing too heavily on things like compliance issues, or other areas, to really being that key enabler for the organization.
“That’s why I find it so fascinating being at the same time in the trenches fighting off external threats dealing with insider threats, but also supporting the organization, especially as they evolve to become more digital-focused and launching new digital services.”
Enabling Business Agility
For many businesses, remote work has become a common practice, particularly in the wake of the global pandemic. An abundance of platforms and services have sprung up to facilitate this, but these can cause friction if not managed carefully.
“It’s showing diminishing returns now for many organizations,” Thacker says. “They realize that it adds risk. It adds friction. It adds complexity. Because you're having to [make] multiple hops to get access and it's slowing employees’ connections down.”
CISOs have an important role in streamlining these processes to enable businesses to be more agile and responsive to market changes as they occur.
“For organizations to maximize the value of the cloud, is it is about moving their network and security controls to live on ‘the edge’. And ‘the edge’ is a virtual interconnectivity platform between the device and the services that they're connecting to,” Thacker explains. “It should support wherever that employee is based so that can get access to their services quickly and efficiently.”
Rethinking Security Architecture
Over the years, many organizations have developed bloated security architectures comprised of multiple security products, consoles, policies, and reporting engines.
This leads to a challenge Thacker calls ‘console fatigue’.
“In some cases, I've worked with organizations where there have been over 50 different consoles to try and manage this, and that's not sustainable and it adds complexity,” Thacker recalls. “What I've seen is a big drive now to simplify. To focus on consolidating a lot of those requirements and those technologies.”
In 2019, industry analyst Gartner recommended a new approach to security architectures named secure access service edge (SASE). A large part of the SASE vision is security service edge (SSE). SSE provides the capabilities necessary for implementing security services to protect remote workers, cloud-based technology, and existing on-premises applications and infrastructure.
“Security service edge can help in a number of areas. We talk clearly a lot about digital transformation, but there's also a form of networking security transformation that can occur,” Thacker says. “Organizations really need to start looking at the benefits of that transformation.”
These benefits can include better performance, improved user experiences, and the ability to roll out new security services faster.
“Making that move to SSE, where you're actually increasing the performance of employees accessing these services. It’s a great win. We've seen lots of organizations say [that they’ve] seen a huge improvement in terms of their performance,” he concludes.
If you’d like to connect with Neil to continue the conversation you can connect with him on LinkedIn here.
You can hear more from the Business of InfoSec Podcast, featuring interviews with leading information security specialists here.