“When you’re finished changing, you’re finished.” These words are as true today for our security industry as they were when one of my heroes, Benjamin Franklin, printed Poor Richard’s Almanac. We can’t fight change. We have to constantly evolve or else we’re obsolete.
Today we have more bandwidth and digital innovation than ever, which creates more risk and complexity. Companies are changing how they work: Seventy-five percent of employees are working remotely, either full-time or part-time. There are more mobile device connections than there are people on the planet, and the average enterprise has 288 different SaaS apps. Likewise, the average CISO is managing 50 or more products.
Imagine working as part of a security team having to have visibility and control over every hybrid worker’s interaction with your company’s data in the web, in the cloud with one of those SaaS apps, and in private apps. How could they possibly do so from 50 management consoles opened on their Mac. It’s impossible, yet we expect our colleagues to do this every day. No wonder we have a talent shortage, while the cost of cyber crime keeps growing to more than $6 trillion annually.
Our industry has traditionally addressed security with a portfolio of point products. Security has become an alphabet soup of capabilities and features, and teams are chasing after different combinations of letters trying to prevent risk. If your people connect to a website, you need a Secure Web Gateway (SWG) to block them from accessing high-risk sites or download malware or upload sensitive data. If you connect to a cloud SaaS app, you need a Cloud Access Security Broker (CASB). And if you’re trying to access a private app like an ERP you wouldn’t want the complexity or risk associated with a virtual private network; you’d want Zero Trust Network Access (ZTNA).
