Pillars of Enterprise Security
Ossama Eldeeb, senior director, Partner Organisation, VMware, South EMEA (France, Iberia, Italy, METNA & SSA, explores how channel partners can successfully assist customers address cybersecurity challenges.
There are two big non-negotiables for companies today. The first is delivering exceptional experiences to users, whether internal or external. The second is securing what has become an increasingly fragmented enterprise – the applications, devices and infrastructure that form the foundation on which these experiences are built.
But companies are struggling to deliver on both fronts and need the help of partners to overcome the ongoing perception that security is still a barrier. This is particularly true when it comes to delivering change – 61% of IT teams and 52% of developers say that security policies are stifling innovation itself. And it’s not hard to understand why; we’ve had years of bolting on new solutions and products, to protect against new threats and try to defend an ever-growing surface area – a trend accelerated just recently, with the rise in hybrid working. The result is that many organisation’s IT estates have become a complex mess of platforms, systems, and solutions that traditional security approaches cannot secure.
We’ve now reached a point where, to provide order within the chaos, companies need the help of trusted partners: skilled third parties that can wrestle a crowded array of security solutions (and perspectives) into an intrinsic defencethat not only protects against sophisticated threats but allows enterprises to drive innovative user experiences. Ultimately, security should be like electricity in a house; available for users to plug into as and when they need it, without thinking how the security is being delivered, just that it is.
It is the ability of partners to look holistically at a company’s IT environment alongside the needs of the business that makes them best placed to help develop a plan that will achieve this all-important balance. How? It starts by working hand-in-hand with organisations to understand how security should look across the business. Below are the key points to consider.
The three security perspectives
Firstly, partners must recognise that ‘security’ in fact falls into three buckets: users, workloads and operations. While they all need to be secure, they each have different perspectives that need to be considered.
- Users need to be able to work, to use the applications, data and services they want, in the way they want it, in the location of their choosing
- Workloads, apps and data in response need to be completely secure, yet just as dynamic – still able to move and share as required
- Operations, meanwhile, the actual implementation of security that can detect, protect, and respond appropriately, needs to deliver total protection without restriction
The question of zero trust
On top of these differing perspectives lies the question of zero trust. To deliver dynamic security in today’s enterprise, more and more companies are looking to adopt this approach to security – one suited to today’s world of apps, data and people that are constantly on the move, constantly accessing networks and constantly sharing information.
Because the applications that users are accessing are evolving. They’ve gone from things in one location to decomposed apps distributed across multi-cloud environments, delivering multiple, manageable microservices to support developers and accelerated innovation. We’re seeing the growth of SaaS-based apps and apps running on hyperscaler infrastructure. Yet the big question is, how many enterprises have actually deployed zero trust effectively to cater for all of this?
The reality is plenty of companies out there think they have. But implementing true zero trust requires the introduction of a huge number of controls, across apps, endpoints and users. It is a challenge to operationalise and many companies are operating with the belief they have something in place, when the reality is not quite that.
The partner opportunity – be a chameleon
This all adds up to significant complexity and challenge. Yet it also encapsulates the partner opportunity, which is to be that clarity in the fog, that order in the chaos. Helping to operationalise true zero trust, to consolidate vendors and solutions so that each security product does what it is required, to ensure no overlap and no gaps.
In this process, there is a big role to play in bringing together the disparate, siloed parts of the business that struggle to connect with each other. As mentioned above, IT and developers, the teams trusted with enabling innovation, are feeling stifled by security. The conflicting priorities of the business – to keep everything secure but let people do what they want – has brought many companies to this point. Being innovative and delivering exceptional user experiences will need these different teams to work together, collaboratively, and cohesively.
Part of the problem is that developers, IT, security teams, all speak different languages. Yet those partners that have supported all these functions at different points can go in and talk to them in ways they understand, while getting across the priorities and needs of other departments. They can be chameleons; using their informed yet detached view and role to help solve the problems of the business, not just one internal audience, so that they can drive the coordination that’s needed between the different parties.
The next step – assess and understand
For partners to do that first they need to understand what the current IT landscape within a business looks like. This detailed assessment should cover the current As Is: understand what the business wants (strategically) and what it needs from its security, highlight vulnerabilities, and identify consolidated or optimisation opportunities.
The last bit is particularly important to companies. No one wants to be told that their current investments need to be completely ripped out, and even if they do, it’s often not feasible. So rather than scare customers into doing nothing, these assessments provide an opportunity to show which solutions are being underutilised, which vendors offer complementary tools, and how they can better use what they’ve currently got.
That’s something that really can only be delivered by an external party that wants to go beyond being a transactional supplier to being a strategic partner. And in doing so, help solve how fragmented enterprises can secure their organisations without hampering innovation.
Chaos into order
With the help of partners, businesses have the opportunity to turn chaos into order and complexity into innovation without compromising the security of their users, workloads and operations. Where security has traditionally been viewed as an obstacle to change, it should now be viewed as quite the opposite. It is one of the vital tools to realign the business and deliver on the first big non-negotiable of modern business – great user experiences.