Between the Lines: The State of Enterprise Security
Between the Lines: The State of Enterprise Security
Now more than ever, we must evaluate the state of enterprise security.
Join the DZone community and get the full member experience.Join For Free
We live in an era where cyberattacks come part and parcel with doing business. Companies are routinely hit with attacks big and small, and their customers are feeling the impact as well. While your company may not have suffered a major security attack yet, that doesn’t mean it won’t. Cyberattacks have never been more prevalent or dangerous — and they could end up costing your company millions of dollars and potentially scores of customers.
These trends are making the IT departments that are tasked with endpoint defense, investigation, and remediation filled with dread, and they are looking for ways to get ahead of the problem. Based on conversations I’ve had with customers and partners over the past several months as well as talks taking place at a slew of industry events, here are some of the things I’ve noticed about the state of enterprise security today — the good, the bad, and the ugly.
The Skills Shortage Is Real
The enterprise security industry is remarkably deficient in qualified workers at a time when we need them the most. If predictions hold, cybercrime damage will top $6 trillion annually by 2021, which is almost 10 percent of the world’s economy. That is absolutely staggering! But nearly as troubling is the skills shortage. At the RSA Conference in April, John Stewart, senior vice president, chief security and trust officer at Cisco, pointed out that by 2020, there will be 3.5 million open cybersecurity positions, and for every job that is filled, two more open up. Compounding the problem is a serious lack of diversity. For example, women only account for 11 percent of cybersecurity employees.
Now for the good news. Awareness breeds action. Nearly every company that I speak with is working to make cybersecurity an attractive field for workers of all races and genders. There is also tremendous potential for career advancement — and not a lot of people get to say that they fight the bad guys every day, which is pretty cool. It’s not much of a stretch to see why cybersecurity is emerging as one of the hottest fields for tech workers. Cybersecurity is an area ripe for a diversity makeover as it faces this period of rapid growth.
Automate to Meet the Challenge
While we will always need human power in cybersecurity, the skills shortage will require additional firepower as well. Digital threats are simply multiplying too quickly to address them solely with manual interventions. Last year (2017) was the worst ever in terms of cyberattack volume as security vulnerabilities were up 20 percent year-over-year.
New automated solutions hold promise by successfully running health and security checks across all points and configurations. They can issue routine updates seamlessly, and they do so quickly and efficiently so that human workers are free to focus attention where it is needed most. As a result, systems become more secure and resources are used wisely. Whether it’s zero-day exploits, ransomware attacks, malware, or other issues, look for the tools and products that let you automate the tackling of these issues where they occur: at the endpoints.
Play Well With Others
One thing that is particularly heartening in this age of ultra-competitiveness is the way some of the biggest names in security are coming together to fight the threats facing our businesses worldwide. Because the impact and associated costs of cyberattacks are so severe, organizations are putting aside competition to work for the greater good. Consider the new Cybersecurity Tech Accord. More than 30 companies have signed on to “improve the security, stability, and resilience of cyberspace.” Brad Smith from Microsoft described this international effort as a sort of Digital Geneva Convention to bring the number of malicious cyberattacks down. It attests to the fact that organizations recognize that a much bigger threat exists in the security industry than simply losing market share.
One of the messages I consistently hear is that the winners in the industry recognize that they have to play well with others. This means offering open APIs to integrate multiple security solutions together. With so many available security options, every organization is going to run different combinations and configurations of software, applications, and tools coming from dozens and dozens of vendors. If your company doesn’t have APIs and/or isn’t willing to integrate multiple solutions into your product, the company is going to be left behind. More cooperation results in more customer choice, which is ultimately a very good thing for the industry to continue to progress and innovate.
Machine Learning and AI, Machine Learning and AI
Artificial intelligence (AI) and machine learning are words that vendors feel that they have to use to attract attention — whether these are a legitimate part of a solution or not. The consensus is that AI and machine learning are where the industry is headed. Representatives from OpenText recently noted that 12 percent of enterprises have already adopted AI-based security analytics. This shows a solid move toward AI adoption, but it also says it’s still a little early.
There is a lot of talk and thinking taking place, but the reality is that people are just starting to dip their toes into the AI waters. As the need for smart automation grows, expect AI and machine learning development and adoption to accelerate, particularly in the endpoint security space. Uses and applications will also become much more sophisticated.
Lack of Differentiation
While there is a lot of forward thinking occurring in terms of how enterprise security technologies will evolve to deal with the increasing number and ever-changing nature of cyberthreats, there has not been a lot of true product differentiation recently. I hear the same buzzwords and language repeatedly used to describe offerings, even when those offerings are markedly different from one another! While this demonstrates that the industry is largely aligned with what’s important, there’s no sense of what makes a company unique or special.
In the real world, today’s buyers are having to work hard to get past the hype to figure out what a product actually does, what it looks like, where it excels, and where it falls short. This could ultimately extend product evaluations and sales cycles as companies uncover the real use cases for different vendor products. Moving forward, I would encourage companies to break free a bit to highlight their true differentiators so that we see more clear standouts from the growing crowd of vendors.
The next year will be a big one for enterprise security as new solutions are introduced, existing solutions are refined, and bright minds enter the field to build the products of tomorrow. Hang on to your IT department hats because it looks to be a wild and exciting ride!
As first published in The Innovation Enterprise.
Opinions expressed by DZone contributors are their own.