Pick your uncomfortable conversation

Information security

People might read this recent Gartner white paper, “Prevention is Futile in 2020“, and take it to mean that they might as well just give up worrying about cybersecurity. In fact the paper stresses that organizations will need to shift their focus to securing information and people, not their organizations (really, not their network). It’s consistent with Google’s announcement last year that they are shifting their own internal focus to endpoint security, not network.

CIOs that have spent the last 10 or 15 years simplifying operations in order to automate or cut staff will have an uncomfortable conversation ahead of them with their CEOs, because to secure networks or storage, you have to un-simplify it. Best practices call for network segmentation, and network segmentation is really un-simplifying everything you’ve been building (and hopefully simplifying) since client-server networks became a thing in the 90s. I’ll be interested to see how organizations tackle this, but it will be a challenge un-simplifying without some additional staff or consulting money. (Of course, a lot of networks are pretty un-simple already, but I suspect zero trust networks and microsegmentation are going to call for another level of administration – at the very least, a different skillset on your staff.)

CEOs will also have an uncomfortable conversation ahead of them with their boards or their shareholders. Because the truth is that money spent on cybersecurity doesn’t improve your bottom line, no matter what your company/organization produces. And the organization has to choose what information or people it really needs to secure in order to adopt Gartner’s recommendations. Bringing this into focus may highlight competing goals or beliefs within the organization, and the competition between those goals may have to be resolved before the organization can decide where to spend their cyberdefense dollars.

In a world where cyberdefense is projected to have costs reaching one to two TRILLION dollars in the next few years, everyone will have their pick of uncomfortable conversations. Because those dollars make nothing. Those dollars will be costs on which there will be no ROI. Who could be comfortable with that?

Image courtesy of commons.wikimedia.org