Data Center Security: To Counter Cyber Attacks, IT and Security Strategies Must Be Aligned

“All industries in all geographies are being radically reshaped by digital disruption – a ‘digital dragon’ that is potentially very powerful if tamed but a destructive force if not…Current enterprise IT is not set up to easily deliver… 51% of CIOs are concerned that the digital torrent is coming faster than they can cope, and 42% don’t feel they have the right skills and capabilities in place to face this future.”

– Gartner, Taming the Digital Dragon: The 2014 CIO Agenda (PDF)

 

Misalignment between IT and security

Within the context of the “digital dragon” that Gartner describes, it is now more important than ever for IT and security to be aligned. Yet considering the recent rash of data breaches, it is clear that many enterprises are still struggling to align their IT and security strategies.

Cyber security has always been a challenge, of course. But it is, as Gartner puts it, “the increasing digitization and automation of the multitudes of devices deployed across different areas of modern urban environments” that creates new security challenges. And those new technology and risk challenges are growing faster than corporations and governments are seemingly able to deal with them.

Within the context of the data center, I frequently see cyber security challenges arise because the security strategy didn’t inform the data center strategy, and vice versa. The misalignment of corporate data center strategy and corporate cyber security strategy is a significant problem that we need to resolve, especially as data centers become the “data factories” that drive our business and government enterprises.

But we know how to close the gap

The “next generation” data center – what I call Data Center 2.0 – can, by its nature, help close the gap between IT and security. Data Center 2.0 is the convergence of the physical and the digital environments within a data center environment. For IO, this is the integration of the hardened enterprise-level data center module with the IT stack through comprehensive data center infrastructure management software. More specifically, the key security attributes of the Data Center 2.0 strategy include:

1. Tested, certified, standardized data center infrastructure built within repeatable manufacturing processes, using a trusted and vetted supply chain that includes an assembly process in which modules can be hardened and tested even to the highest levels of national security requirements.

2. Data center infrastructure management software that establishes a baseline and framework for information exchange across operational technology and the Information Technology (IT) “stack” and enables organizations to proactively detect and mitigate threats to their IT enterprise.

Of course, the data center module and software that defines it do not on their own align IT and security. But they make it relatively easy to implement policies on which the IT and security teams have aligned – and then to execute against those policies.

 

Testament to greater awareness, cyber security spend is increasing

As corporate boards become increasingly aware of the risk (cyber attacks that are increasing in both frequency and magnitude), they are beginning to put greater resources toward IT security. According to PwC’s recently released Global State of Information Security Survey 2015 (PDF), among companies of all sizes, in every year since 2010, security spending has averaged about 4% of total IT spending. But among larger companies – those with revenues over $100 million – security investments increased 5% in 2014 compared to 2013. Two-thirds of large companies expect to increase security spending again in 2015.

So, how do we make the most effective use of our IT security spend to put us in a better place in the face of this increasing cyber threat? Both government and corporate enterprises are recognizing that limited resources need to be placed against the highest-valued organizational information assets. Enterprise data centers are primary repositories for these critical information assets – whether they be the intellectual property behind products or the personally identifiable information of customers required in service transactions. Through the implementation of Data Center 2.0, we now have a consistent and scalable framework for physical/cyber risk mitigation, and a framework that C-level executives and technical staff can understand and use to measure IT security investment.

Undeniably, the “digital dragon” poses significant new IT security threats, which to date have not been anticipated or mitigated very well. But the future is beginning to look a bit brighter as enterprises implement Data Center 2.0 architectures to align IT, security and financial strategies and to better mitigate the technology risk that comes with the “digital dragon.”