I want to provide some feedback from the many conversations with fellow CEOs, customers and partners in the security space, as well as data from our great research partners.
I have broken the feedback into a small series; this part discusses the changes we are seeing, part 2 focuses on the solutions that are trying to maintain security in the changing world, and the final piece is a short introduction to our approach.
I look forward to any feedback you all have, and hopefully, it will create a great discussion to help us all improve how data protection is solved.
At a high level, there are two main changes to IT, which I believe will change the way we work as well as how we look at cybersecurity in the upcoming years.
The growth of applications, from development practices to deployment approaches:
Let’s quickly walk through how applications are developed: someone typically faces or sees a problem that can be solved using technology. This usually equates to a website or an application on a mobile device for users to perform a bunch of tasks, which then gets converted into action, and this application saves them time/money. Now, a few years ago, the process of developing a solution would have taken months (not talking about the final version but a first MVP cut). This was not because the engineering teams were slow, but because the approach and mentality were fundamentally about building everything in-house. Teams have become ‘adaptive’ in software development, aided by a cultural shift and frameworks like Agile development. The reality is that many existing companies have not been able to take advantage of the agile movement because of their legacy tools and infrastructure. Honestly, the industry had to change the mentality of how applications were developed – and we know changing behavior is a hard thing to achieve.
Fast forward to today: agile development is the norm and, more importantly, if you want to build a feature or a clear new technology solution, your primary objective is to release something to users as quickly as you can. This now forces the engineering teams to look at what they can use that has already been developed or that gets them the majority of the functionality they need in their pipeline.
The best way I would describe the approach is to imagine you’re looking to set up a TV unit or install a custom cupboard. You would typically start with design/cosmetics and functionality needs. Then you would look to see what off-the-shelf furniture exists that may fit your need, and finally you customize aspects to ensure it meets in the right places. There is a reason IKEA is a huge success: most of the furniture you get there will fit in your house, it looks good, meets many requirements and is easy to install (even though you end up with four screws after you finish – always!).
The new way of building applications – hopefully with better instructions!
Additionally, we see a significant uptake in DevOps (+DevSecOps) to assist with the deployment aspects of new applications, which helps immensely to ensure that updates (big and small) can be done at speeds that have been next to impossible to achieve in the past. For me, I think the aspects of DevOps have allowed developers to develop faster because now they have the power to see interactions and iterate more quickly.
The DevOps partnership ensures that engineering teams design applications in building blocks (i.e., IKEA flat boxes turning into a cool TV stand). Having the Engineering, QA and Operations teams in one room during the inception of a solution ensures that speed and agility are embedded into the technology. This new way of working lends itself to needing new tools and solutions to assist these teams (think virtualization, AWS/GCP/Azure).
With new tools, not everyone understands how to use them correctly, and they will not address every problem. Both create loopholes and expose data processed and stored by these new applications, making it easy for hackers to access. At least before, there was a process for how companies would develop, and everything was behind a company’s firewall.
Application consumption: who, how and when they are accessed
This section covers the business and more importantly the user expectation of how they want to work and access applications to allow them to collaborate.
Legacy applications like fat clients required a specific OS and different components installed on the machine before they could run. This meant that users could only work from particular locations or with specific types of devices. Typically these applications were developed using old frameworks and not designed with an ‘API first’ mentality. The good news is that many companies are looking at an ‘API first’ approach and are aggressively moving applications to the ‘Cloud’.
It seems that the critical driver to moving to the cloud and changing the way applications are developed and deployed is fundamental to what the new workforce expects regarding flexibility to access the information they need to work from any device, anywhere. Think about it for a minute – if you’re in college, and you can attend lectures, access notes and submit your homework from a sunny beach in Miami, then when you go to work, are you going to work for a company that requires you to only access the Word document from your registered machine? You might say, well, if you want to work for specific industries or companies the rule may make sense now, but it’s likely that this company is going to face competition from a startup that can deliver their value prop cheaper/faster, and more than likely it will not require its employees to be in the office. Another business aspect which we have seen is to question how much real estate is needed and whether having a remote workforce will have a positive impact on the company’s financials.
The expectation from an early age is, you don’t write but “tap”!
With the change in how people want to work, companies questioning if all employees need a desk, and the growing need for companies to access new employee talent from around the world, the way information is consumed and processed by employees is changing. The new workforce expects on-demand information, just because that’s what they are growing up with and, as I said, breaking a childhood habit is probably next to impossible…
Looking forward to the next part of the series, where I look into the solutions that are looking to help with the protection of these applications and data!