In a February 24, 2020 MIT Technology Review Business Lab episode, Balaouras makes the case that the world of cyberthreats is becoming more intricate and perilous. Cybersecurity isn’t just stopping the threats you see, but also the ones you can’t see. “Even companies that have a Chief Information Security Officer (CISO) should take a hard look at how high in the organization they report,” Balaouras says. “Do they have the right budget? Do they have enough staff?  Have you given them the right span of control?”

Thanks to technology we are able to carry our office with us, reach out and talk to anyone at anytime, and all at incredible speed.  The mobile devices that make our lives so much easier, also increase the attack surface for cyber criminals. Few corporate functions have had to pivot so quickly or dramatically as cybersecurity operations. CISOs have had to take steps to minimize network threats targeting the legions of work-from-home employees.

According to a McKinsey article by Venky Anant, Jeffrey Caso, and Andreas Schwarz, “The response to the crisis continues to press department budgets and limit resources for other, less essential functions.”

Many companies are freezing their hiring because of the pandemic. Unfortunately, now is a risky, uncertain time to add full-time equivalent (FTE) employees. But companies, most of which don’t have the expertise in-house, need to hire a professional to lead their cybersecurity initiatives. What’s the solution?

VIRTUAL IS THE KEY WORD FOR 2020 & BEYOND

Virtual Cybersecurity Professionals (VSCP). VSCPs are the latest trend in cybersecurity hiring, bringing additional cybersecurity talent at a fraction of the cost, without requiring office-space, benefits, or training. VSCP don’t require on-boarding, and they can hit the ground running.

BUILD SECURITY ON A SOUND FOUNDATION

They are accustomed to handling a wide range of responsibilities geared towards protecting online data from being compromised. Sure, they safeguard organization’s files, networks, install firewalls, and monitor activity, but they should also create security plans that involve all employees of the company. As mentioned in one of our brief articles on phishing attacks, the best technology in the world isn’t going to protect a company’s data if the employees are not educated on the best practices of handling emails. Having mature fundamental processes in place are vital.

VSCP are not traditional employees that require significant investment. Nor are they consultants who are foreign and not part of your team. They are somewhere in between. As such, they tend to have greater access to C level executives. VSCP can be procured by days – you can hire a VSCP for Monday and Tuesday each week, for example – or for a certain number of hours each week. VSCPs typically work remotely, but schedule time on-site at least quarterly, or more often, as your budget and needs require.

In a Forbes article, Jon Younger explains that when a company “lacks the means to hire full time staff,” they can pull together essential skills and keep the business moving forward by combining full-time and freelance professionals together as a flexible, blended workforce. And increasingly, talent marketplaces are able to organize entire engineering or development teams on a “bolt-on” or plug and play basis.

There are downsides to VSCPs. Like all cybersecurity talent, the professionals are in high demand. There is an overall shortage in cybersecurity professionals. A recent Gartner report showed a 65% increase in demand for cybersecurity professionals and an estimated 3.5 million vacancy on the cybersecurity job market. Although they are easier to find than top-quality employees, it still can be difficult to find a quality VSCP. When you find a good VSCP, it’s important to retain them before their schedules become full. And like an employee, personality and team chemistry are important. Although they are remote, it is important that your security consultant fit your organization’s culture and gets along well with the team.

VSCPs are not an entirely new concept. Companies have been hiring Chief Information Security Officers (CISO) for years. Quality CISOs are difficult to find and expensive. A Virtual CISO (vCISO) is an outsourced security practitioner or provider who offers their time and insight to an organization on an ongoing basis, usually part-time. Working remotely, they are usually engaged to design an organization’s security strategy, and some may handle the implementation as well.  vCISOs are less expensive than staff Chief Information Security Officers and with a quick time-to-value.

IN CONCLUSION

The pandemic seems to be expanding this need to a wider range of security tasks. Staff are separated, budgets are tight, but viruses don’t respect deadlines. Projects still need to be completed despite today’s difficult environment. As another Forbes article points out, “Times are challenging, and it’s time to get creative. Organizations must find a way to respond to modern cyber-threats without stretching their financial resources. The vast majority of security budgets are spent on managed services, and that includes consultancy. Because internal security teams need external help, there is a move away from on-premises products towards services.

A virtual chief information security officer (vCISO) could deliver the most bang for your buck.

Here’s why:

Vast Experience and Proven Leadership
No Training Needed
Reduced Overhead
Flexibility
Faster On-boarding

The VSCP concept was reserved mostly for vCISOs, but times have changed and the concept is ready to be deployed for various types of roles.

This might take the shape of a Cybersecurity Compliance Director who ensures the company is aligned with NIST 800-53, FedRAMP, or HITRUST, or prepared for the 2020 CMMC audits. It might be a Privacy Officer who ensures the company is abiding by GDPR, CCPA, or new the privacy laws of Texas or Nevada, ensuring that the company can keep doing business in those states.

Taking a proactive stance on your company’s cybersecurity could mean setting up an incident response program, a SOC or a SIEM, or a disaster plan. Or maybe hire a penetration tester, AI/ML expert, or cryptographer.

The possibilities are numerous, but even if you could hire all the people you could want, you wouldn’t be able to keep up with the vast scale of the cybersecurity threat problem. Phishing scams are on the rise. Smaller companies are being targeted just as much as larger companies because they are known to lack the resources; so, they’re easier to hack. Cybercriminals are sophisticated and they stay informed. They constantly adapt messages to more effectively scam victims. The FTC estimates $100 million dollars in coronavirus stimulus checks have already been lost to fraudulent cyber crimes. The constant threat of cyberattacks presents a huge problem for all industries and guarding against it effectively requires constant attention. That is why IronOrbit has its own division that handles nothing but security and regulatory compliance.

During these difficult times, companies need to ensure they have SOC processes in place, utilize virtual cybersecurity professionals, and incorporate automated security measures. Probably in that order. Whatever you do, as they say at the end of MIT’s Business Lab podcast, get outside help. You don’t want to go it alone. With IronOrbit, you don’t have to. Learn more about how we can protect your company. Check out our Security and Compliance section and then  give us a call at (714) 777-3222.

The post Virtual Cybersecurity Professionals Needed More Than Ever first appeared on IronOrbit.

Calculating the ROI of your technology investment doesn’t have to be rocket science, but remember what Einstein once said, “Not everything that counts can be counted.”

Looking beyond spreadsheets and calculations means considering how your technology helps you meet your strategic objectives.  Long-term success depends on a proactive agenda of workforce transformation, strategic flexibility, security, and manageability.  Are your technology investments driving productivity for your business? Are they solving challenges or creating more problems? Answers to questions like these are the main reasons why many companies are moving to the cloud.

Forrester released a report in early 2019 that stressed the importance of corporate leaders to gain more fluency in the technology choices made. They need to understand the different performance yields of different innovation efforts. It’s important to be visionary about where the company is headed during the years to come. Know what is at stake should you keep your IT infrastructure on-prem or move it to the cloud. Become focused on how to make business technology a basis of a durable strategic advantage.

While corporate leaders need not be able to use devices, programs, and apps, they should know enough about them to discuss them intelligently with the team.

In a more recent podcast, Forrester gives its top predictions in IoT, AI, and cloud computing.

About half the big enterprise outfits that try to transform their systems fail or stall under the sheer size, and complexity of the process. Certainly, a large part of the problem has its origins in the failure to design a strategic plan that works. Don’t put the cart before the horse. Remember the carpenter’s rule, “measure twice, cut once.” You’ll avoid costly mistakes, both in terms of time and money, if you do research and get as much information as possible before you start spending resources on cloud migration.

ADVICE FROM EXPERTS 

Every organization has its own unique strategic needs. Not all businesses have the same priorities. There is no one-size-fits-all approach to developing a strategy or plan to move to the cloud. Any significant technological transformation requires analyses and consultation with experts in the field. It also helps if these experts know as much as possible about your business goals.

The first step is to become clear-eyed on the business strategy.  Evaluate business objectives and assess how your existing technologies align with meeting those plans. Inevitably gaps will become apparent.

Utilize the insights from the best technology consultants you can find. They’ll be able to recommend available options and optimal routes. In some cases, there may not be an immediately available option that best suits your objective. In those situations, something more innovative and customized to specific needs may be needed. This is exactly why a good advisor is critical to successful cloud migration. A good advisor will be a true IT professional, one who stays abreast of the latest technologies, but also one who has a comprehensive understanding of business operations. Having this kind of resource on hand can mean all the difference between a successful transformation or one that goes off the rails. Failed attempts are costly with absolutely no ROI.

While it’s true that every company is unique and each one has its own set of priorities for future growth and productivity, there are a few technology industry trends that can serve as a guiding light.

THE INCREDIBLE EVER-CHANGING WORKFORCE

This isn’t your grandfather’s workplace environment anymore. It’s not even your father’s workplace environment.  For people to become fully engaged and productive, they need flexibility over the tools they use. The choice of places to work would be nice too. Employees need reliable and secure access to the resources they use and depend on.  Consistency of experience shouldn’t be over-rated either.

Wakefield Research conducted a survey showing the scope of this on-going technological evolution. Not too surprising, the report found that 69% of the employees regularly work remotely. Some 21% of them blend environments by working both in an office and somewhere else, such as at home or a communal workspace (Starbucks anyone?). The survey went on to show that a whopping 80% of the office professionals agree that, within 5 years, businesses will not be competitive without using cloud-based apps. Future-proofing means leveraging cloud servers and taking advantage of new technologies as they become available.

MEETING RISING EXPECTATIONS, PRESSURES, AND DEMANDS FOR INCREASED SECURITY

New business models, competitors, and customer preferences emerge seemingly from nowhere. Turn around for a moment, and there are new things to look at. During this age of acceleration, all of us have to stay on our toes. We have to practically reinvent ourselves from Monday through Friday. Companies of all sizes have to move quickly to capture new opportunities. And if you think it’s intense now, just wait until next year and the year after that. Modern technology and its impact on business is moving at an exponential rate.  I’m getting dizzy just thinking about it.

Even as things are moving at breakneck speed, security demands have never been greater. Security is also more challenging than ever.  Check out our previous blog on cyber attacks and ransomware for some not so gentle reminders of how costly cyber attacks can be. IT transformation has increased the opportunities available to would be hackers. And these hackers have their choice of mobile devices, web apps to IoT. New mandates, like the General Data Protection Regulation (GDPB) have raised the stakes for everyone.

As companies increasingly leverage the cloud to store customer data, SOC 2 compliance is becoming a necessity.

START AT THE BEGINNING

So, let’s start at the beginning of any company’s transformational journey. Ask the question, “Can your current technologies help you meet all the requirements in ways that enable you to move quickly and stay on top of your priorities?”

Wakefield Research shows that 69% of the employees regularly work remotely and 21% of them combine home and office environments.

MOBILE FORCES

MORE PRODUCTIVITY, WITH LESS STRESS AND IN LESS TIME

It’s becoming more common to see employees working from home or both at home and in the office.  Where ever they choose to plow through their day, they need tools that are smart, fast, seamless. They need to work collaboratively. They need to be open robust programs like Revit, or SoftImage, or After Effects, and use them quickly, seamlessly, and without interruption.  Having apps on cloud servers enable distributed teams to collaborate easily across great distances.  Whatever the scenario, the new IT setup needs to empower your people to get more things done, more easily.

KEEP IT SIMPLE

Before making an investment in technology, consider if it adds to the complexity of your workplace or helps reduce it.  Does it help to streamline operations? In other words, does it impose a burden of daily management that diverts attention and resources? Or does it free-up people’s time so that they can focus more on their own work.

SECURITY IS A CHALLENGE

The threat of cyber attacks is greater than ever. A breach of security can be devastating. Finding skilled security professionals has never been more difficult. The more complex the IT environment, the greater the security risk. There are more openings for attacks. Consider public networks, mobile devices, and web apps. There are insider threats, phishing, and so on.

Sometimes it may be worth taking on the additional security risk in exchange for exceptional business value. It’s a trade-off that should be factored into the evaluation of your transformation strategy. Keep in mind, if a technology can make security simpler, more transparent, and more effective, that’s an advantage.

Cryptojacking is the unauthorized use of one’s computing devices. It is accomplished by injecting the system with hidden code that immediately starts benefiting third parties. About two-thirds of companies targeted by ransomware attacks have been infected.

LEVERAGE THE FLEXIBILITY TO IMPROVE STRATEGY

It’s a great period of time to be an IT professional or developer. The hybrid, multi-cloud era has brought tremendous freedom and flexibility to what used to be just a metal box and a lot of colorful cables.  Now, cloud technology enables us to provision resources and demand, scale easily, and support users anywhere. Cloud servers also allow for beefed up security and greater performance. The cloud is where data rules supreme.  It’s not under the rug, in the closet, or filed away on hard drives stored in a drawer. We now have a place, seemingly with no limits, to put all the data we’re accumulating (organizations stockpile data but seldom dispose of it).

On the user side of things, cloud computing has given employees the freedom to choose any device, time, or place to work. These various cloud options mean a consistency of quality user-experience.

The prediction is that 41% of enterprise workload will be run on public cloud platforms by 2020. Another 20% will be private-cloud-based, while 22% will rely on hybrid cloud adoption.

NO TECHNOLOGY EXISTS IN A VACUUM

If one of your investments limits the utility of another, it degrades the value of both. A Good strategic transformational designer will always look at the big picture and assess how everything is connected.

When it comes to remaining profitable while future-proofing a company, not everything is about dollars and cents. Considering the ever-evolving workplace, with all its need for mobile applications, collaboration tools, data crunching, and massive amounts of storage. Keeping our eyes on the big picture is necessary if we’re to evaluate ROI accurately.

The true ROI has to do with information technology that advances key priorities such as productivity, reducing complexity, strengthening security, and ensuring choices are available whenever needed.

The post What is the True Cost & Benefit of Moving to the Cloud first appeared on IronOrbit.