FINAL WORD
teams. IDC found that 51% of organisations
are finding it difficult to locate skilled IT
security personnel, 49% lack enough IT
budget, and 36% feel that employee
adherence to policies is a threat. These
challenges are further compounded by
limited access to up-to-date threats (40%),
lack of mature security policies (31%) and
limited compliance with regulations (24%).
Mark Walker, Associate vice president of Sub-Saharan Africa at International Data Corporation
Security can no longer be built in a vacuum.
The organisation must partner with
vendors to craft solutions that map back to
specific challenges that pertain to industry,
sector and internal structure. The days of
plugging in some security and handing
over a phone number to call when it all
goes wrong have passed.
Internally, there needs to be a clear line of
sight as to who leads Digital Transformation.
The power has gradually left the IT
department and headed into a line of
business. Employees use credit cards to spin
up servers and run workloads that IT hasn’t
heard of, and often never will until there’s a
breach. The technology hand is losing sight
of what the business hand is doing with
technology and this presents significant risk
unless a clear line of sight is established at
the outset.
Learning, Artificial Intelligence (AI) and
the algorithms that power them must start
out with security at their core. A misstep at
the start could create a potentially critical
security weakness further down the line.
Security is under inordinate pressure to
perform and protect while always remaining
behind innovation and the demand for
agility. IT decision makers must balance the
need to drive innovation, monetise data,
manage user expectations and enhance
agility while simultaneously ensuring that
governance, risk and compliance (GRC)
mandates are met. IDC’s research has
found that 37% of CISOs are battling with
this balancing act. They must align the
business’ need for growth alongside both
security and regulatory demands – they’re
all looking for the digital cure to the GRC and
security migraine.
There has been a collateral rise in spending
on security and data management,
particularly as the ramifications of POPIA
and GDPR become more apparent.
However, it is highly likely that real
compliance across all fronts will only occur
when a globally impactful incident kicks
everyone into gear. The problem is that
security is a complex web of intricate
solutions on its own and this is made even
more complicated by the influx of local and
global security standards and guidelines.
NESA, NIST, ISO 27001/18/31/35, ISO
22301/NCEMA 7000, CSA-STAR, PCI DSS,
HIPAA, GDPR, Basel III, MiFID, DESC,
ADSEC, CITC – these are just some of the
codes that rest on security’s plate. And
whoever oversees IT security is liable if
none of the right steps are taken or if
security is breached.
There is an urgent need to minimise and
mitigate risk, to address these challenges
and to overcome some of the hurdles that
are facing both organisations and security
IDC surveyed organisations to establish
exactly who should lead Digital
Transformation. The results found that 75%
believed it should be a joint activity between
the line of business and IT, but 16% believe
it should be led by the business and 8% that
IT should lead the way. The right approach
is the one where both IT and the business
work together, collaborating on projects and
digital initiatives from the outset. Early on is
essential to security success.
Fortunately, the line of business has started to
rethink its views on security. In an IDC survey
from five years ago, only 2% believed that it
was a priority. Today the number has risen to
33%. Breaches like those at Ster-Kinekor and
Liberty are waking up the industry, especially
as they realise that jail and corporate collapse
sit on the lack of compliance horizon.
Now is the time for the organisation to
ensure it is covered and to be able to say
with confidence that the steps have been
taken towards a truly vivacious security
posture. The alternative is unthinkable.
www.intelligentcio.com