Home » Security Bloggers Network » Don’t Get Comfortable: More Change is Coming

Don’t Get Comfortable: More Change is Coming

by FireMon on December 30, 2020

The year that changed everything, and how you’ll have to adapt in 2021

The pandemic will burn itself out eventually, but its effects will not. We’re different people now – we’re intimate with streaming catalogs and we’ve learned to knit, yodel, or speak Esperanto.

And the way we do business is forever changed as well. We’ve learned that innovation is more than a boardroom buzzword and it’s more than something we’ll do in the undefined future. It’s here now, we’re actually doing it, and it’s becoming engrained in our business processes. Iteration isn’t just for software developers anymore.

The challenges and opportunities of the post-pandemic world are going to look very different than those of 2020. How can IT leaders prepare? Where should they be investing? How will their careers be impacted? FireMon CEO Satin Mirchandani joined other technology business leaders on a panel led by eWeek to discuss these topics and others in a free-wheeling conversation.

What We Did Right

“COVID caught us all by surprise,” said Mirchandani. But he also said that organizations rose to the occasion and did some pretty remarkable things. “Candidly, we were pleasantly surprised by how quickly our customers moved to work-from-home status. Most of our customers effectively shifted within weeks of making the decision, which is extraordinary. Now, 80 to 90 percent of our clients’ employees are working from home.” But Mirchandani also noted that the move wasn’t as automated as many of them would have liked. “There are lessons there for the future. COVID has highlighted the need for automation across all industries and business siloes.”

While work-from-home grabs headlines, the panelists focused more on how COVID has changed the way business leaders think about innovation. Vijay Kurkal, CEO of Resolve Systems, said, “When the pandemic first hit, I figured a lot of IT leaders would be extremely busy fighting fires and figuring out how to respond to the pandemic. But the real surprise was how quickly IT leaders not only adjusted, but also recognized the situation as an opportunity to accelerate innovation.”

Sponsorships Available

Kurkal reports that the number of conversations his company is having about how to use automation to support innovation has more than doubled over the same time last year. “IT leaders are increasingly realizing that they need to respond to the speed of change. They are not holding back on innovation, and that’s fantastic.”

Cost Takeout vs. Faster Innovation: Dueling Priorities

So now the challenge is to understand how we can iterate innovation better, faster, and more cost-effectively. Because the pressure won’t be off when the pandemic is over — in fact, it will be more intense for several reasons.

First, business leaders have seen how rapidly IT can pivot, so now they’re going to expect that same level of agility all the time – as they should. Second, they’re going to want to do that without increasing budgets. According to Emmet Keeffe, Operating Partner at venture capital and private equity firm Insight Partners, periods of innovation are typically followed by periods of cost-takeout, where businesses redesign their fundamental components to the lowest-cost structure that can support their objectives. So IT, security, and compliance will be expected to continue innovating at the pandemic pace with no additional resources.

Mirchandani was frank about the impact of these opposing priorities. “Maintaining momentum is going to be hard. The to-do lists are blank and the technical debt has been paid. The excitement is over and now we’re facing the need to meet priorities while cutting costs. It’s going to be a real challenge in 2021 and beyond.”

Everyone Is a Software Developer Now

The era of shelfware is over. As COVID has put immense economic pressure on enterprises, they’ve realized they’ve been buying a lot of tools, deploying them relatively sparsely, and getting only a few cases of value out of them.

“That’s changing completely,” Mirchandani said. He reports seeing a tremendous focus on making sure everything purchased is used fully and that its maintenance is on point. “If, for some reason, software isn’t deployable or no longer matches the business use case, it’s out the door,” Mirchandani continued. “And businesses want to eke out every additional use case possible from the software they keep.”

IT leaders are finding creative ways to achieve their businesses’ objectives without adding costs. For instance, Sam Gilliland, CEO of Cherwell Software, mentioned a large financial services company that requires its teams to determine whether their project can be achieved with automated workflows or no-code before they source any new software.

There’s a lot of power in giving business analysts, product owners, compliance officers, and others the ability to interact directly with automated workflows. When business rules can be written in plain English and implemented through drag-and-drop or other simple web interfaces, and when changes can be made with a few clicks, the need to constantly purchase and deploy more costly software or sign more onerous licensing agreements is reduced to the bare minimum and the speed to market shrinks from months to weeks or even days.

This shift to automation, low/no-code, and intent-based everything is going to drastically change the post-pandemic IT organization. Of course, the use of these technologies requires a different way of thinking, so new types of IT leaders will emerge as well.

The Ascension of the IT Leader

There are new rules to the game, and business leaders are asking about them. “It’s incredibly clear that technology is driving competitive advantage and differentiation for businesses,” said Kurkal. “This is a huge window of opportunity.”

Historically, IT leaders have believed they should sit alongside business leaders when strategic decisions are made. After all, businesses are only as good as their technology enables them to be, so the insights of IT leaders can help those decisions yield the best outcomes. Thanks to COVID, other executives are recognizing how integral IT is to their own teams’ successes. And when every business analyst or compliance officer is writing their own rules and workflows, they understand the value of IT in a very personal way.

The new IT leader will possess the ability to manage the competing priorities of cutting costs and speeding innovation while motivating the workforce to drive business outcomes across the organization. “That’s no small task,” said Gilliland, but it’s one CIOs are well-prepared to address.

Mobilize Your Organization to Embrace Automation at Scale

All the panelists agreed that automation will be front and center in upcoming years. The history of automation is a long one so this isn’t a new topic, but what is different is how automation is being implemented. In the past, an engineer would write a PowerShell script to perform a repetitive task. These one-off scripts made one person’s job easier, but they didn’t address inefficiencies in the organization as a whole. Next, automation evolved into a bolt-on that solved a singular need in one area of the enterprise. By now, most enterprises have a dozen or two automated tools that help a department or a process but are treated as tactical aids, not strategic solutions.

And nobody knows if all those tools are worth buying and maintaining. Kurkal said that when he asks CIOs and IT leaders to quantify the gains in productivity or cost savings their bolt-on automation tools have delivered, they don’t have good answers. This is what happens when tools are purchased outside of a strategic framework. “It’s not about automating individual tasks. It’s about orchestrating a service.”

The alignment of automation and business objectives is where the power of automation really shines, enabling faster delivery of services, faster responses to changing business needs, and faster responses to incidents. And business leaders are recognizing the need to strategize automation. “Conversations around automation are shifting away from siloed point tools to more of an integrated automation center of excellence. So IT leaders should be thinking in totality about how they can deliver an integrated service to the business.” That’s the next level of maturity enterprises need to be working toward.

When asked about the customer journey on the road to automation, Mirchandani said that most FireMon customers’ journeys look very similar. “They start with visibility. Then they move into compliance and governance. And finally, they move into automation.”

The Two Trends that Are Changing Cybersecurity

Mirchandani summarized the two biggest trends in cybersecurity succinctly: “DevOps and the dissolving perimeter.” As the traditional perimeter dissolves and moves towards applications and end points, the challenge for security is how to meet that need while remaining usable. Enterprises need to deploy SASE applications without giving up the granularity of compliance and governance that they’re accustomed to enjoying from a network security perspective.

Mirchandani says that the rush towards SASE, SD-WAN, and software-defined everything is incredibly powerful. “These technologies enable security teams to keep up with their business’s need for speed and agility while providing the appropriate level of security.”

Another trend driving the evolution of security is the adoption of a “shift left” approach to DevOps and CI/CD pipelines, meaning that software testing is incorporated earlier in the software lifecycle. “FireMon customers are pushing incredibly hard to enable their own customers to use these CI/CD pipelines.” The challenge for them is how to translate security into code and deploy it. “This need is driving FireMon toward headless API architectures,” said Mirchandani, “so we can become part of an enterprise-wide DevOps initiative or an automation initiative and still be used in a way that’s consistent with these newer emerging philosophies.”

Now That All Enterprises are Agile, Security Automation is Not Optional

Digital change was already happening when COVID hit: now, it has happened. CEOs are saying their enterprises have gotten more done in the past six months than they had in the previous six years – and all the panelists agreed that this pace of change is here to stay.

The panel audience identified automation and virtual collaboration as the two most important initiatives in their enterprises today. Cybersecurity weighed in at 33 percent, which all the panelists agreed should be higher. “We think the share of dollars allocated to cybersecurity needs to climb,” said Mirchandani, but he also noted a mitigating factor: “There just isn’t enough talent out there to implement security well. Enterprises need to be aggressive in implementing security automation so they can secure their data and workflows, no matter where they reside.”