As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories— Mikko Disini of A10 Networks walks us through what it takes for enterprises and IT teams to develop digital resiliency.
Enterprises today find themselves at a nexus of trends that make digital resiliency more critical than ever—and more challenging regarding striking a balance between a strong cybersecurity defense and the operational agility for enterprises’ multifaceted digital resiliency needs.
Over the past few years, digital transformation has reshaped the IT environment, rendering traditional perimeter-based approaches to security obsolete. The COVID-19 pandemic accelerated this shift, as the ability to enable remote and hybrid work proved critically important to maintaining business continuity. However, remote work has severely impacted IT strategy and the shift to the cloud, given the ease of remote deployment and access to software, SaaS, and other cloud services. In parallel, the increasing flexibility and openness of the enterprise environment has also made it more porous. In an intensifying cyber threat landscape, the same innovations that make businesses more resilient can also make them more vulnerable to DDoS attacks, ransomware, data theft, and other disruptions.
Digital Resiliency in the New Age
As enterprises balance the need for flexibility, agility, and innovation with the risks that come with an evolving infrastructure, one requirement stands out: maintaining the high levels of performance and availability that customers and employees demand—no matter what happens. In the digital age, success depends on digital resiliency.
To understand the challenges, concerns, and perspectives of large enterprises as they adapt to the rigors and risks of digital transformation and hybrid work, we commissioned a global survey by Opinion Matters of professionals overseeing network infrastructure, security, and cloud migration. The findings were revealing– organizations are investing in modern technologies that support digital transformation initiatives and striking a balance between employing strong Zero Trust principles and while maintaining operational agility. Moreover, high levels of concern around all aspects of digital transformation solutions with a strong focus on business continuity will be the norm for the years to come.
Rapid Change Reshapes IT Requirements—and Raises Concerns
Ongoing macroeconomic shifts are fundamentally changing the way companies hire employees and engage with customers, from the globalization of business and trade, to the work-from-anywhere workforce, to the widespread embrace of digital channels for a broad range of consumer products and services. Within the enterprise, we’ve seen interrelated innovations to enable these changes, particularly the rapid adoption of cloud infrastructure, DevOps practices, and microservice architectures to allow faster innovation, simpler deployment, and greater business agility.
While this modern digital environment can drive powerful value for the business, it can also be highly susceptible to disruption, from operational issues to cyber-attack. As a result, digital resiliency has become a board-level topic, as senior executives seek assurance that the business will remain productive and competitive even when disruptions occur. For professionals in charge of network infrastructure, security, and cloud, this mandate brings endless worries. Asked to rate their concern about 11 aspects of business resilience, almost every respondent expressed some level of angst about every single issue named. Their foremost concerns included the challenge of optimizing security tools to ensure competitive advantage, utilizing IT resources in the cloud, and enabling remote access and hybrid working while ensuring that staff feel supported in whatever work style they wish to adopt.
As the pandemic lingers on, the likely shape of the next normal has become harder to discern. While some organizations remain committed to a wholesale return to the office, others perceive value in maintaining a remote or hybrid workforce for the long term. Still, while one-quarter of survey respondents expect to see a 50-50 split between office and remote work in the future, and 14 percent believe that a majority remote workforce will now be the norm, a full two-thirds of survey respondents indicated that employees will work fully or mostly from an enterprise office in the long term. If there is a consensus, it favors a return to the pre-pandemic status quo.
Public Clouds, Private Clouds, and On-Prem Coexist
The pivot to the cloud may dominate the industry conversation, but on-prem remains a mainstay for many organizations: around one-fifth of survey respondents maintained an on-prem environment and are likely to do so in the future. Slightly higher numbers relied on public cloud and SaaS environments, while private clouds proved the most popular option at nearly 30 percent.
The shared security model of the cloud, in which cloud service providers (CSP) and enterprises each have a role to play, is a perennial source of confusion and potential gaps. Our survey found one possible example of this: While nearly two-thirds of respondents felt that the security provided by their CSP is sufficient, 47 percent reported that their CSP is not meeting its service level agreements (SLAs). Simply put, these numbers don’t add up. SLAs are critical to manage, mitigate, and reduce operational and compliance risk, including the impact of a security breach or network disruption. If a CSP falls short on its SLAs, it can’t ensure true digital resiliency and can’t deliver the risk mitigation implied by its security measures.
Escalating Cyber Threats Make Zero Trust a Must
As hackers innovate, attacks escalate, and geopolitical tensions increase, organizations of all kinds face heightened risk. DDoS amplification and reflection attacks are fast, cheap, and easy to perform. State-sponsored attacks and digital aggression are also increasing, as seen in the ongoing conflict between Ukraine and Russia. With this in mind, it’s little wonder that organizations have deep concerns about a broad array of security challenges, foremost the loss of sensitive assets and data and the disruptive impact of downtime or network lockdown.
With the secure enterprise network giving way to the open internet as the de facto environment for modern computing, businesses can no longer base their security strategy on a hardened perimeter. Instead, it’s now essential to ensure security at every level of their technology ecosystem, from the core to the edge and beyond, while allowing any time, anywhere secure access to essential business applications.
Looking to the future, companies must augment a Zero Trust strategy with new sources of cybersecurity risk information, such as specialized DDoS threat intelligence, while adding new DDoS protection capabilities that anticipate and protect against threats from both internal and external sources. It’s clear that organizations need to optimize security tools for competitive advantage and to ensure their networks are not being weaponized for further attack. Once again, we see the need to balance protection with business agility as a core digital resiliency challenge facing enterprises today.
- Digital Resiliency Depends on Zero Trust, Cloud, and Remote Working - September 7, 2022